
AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again

Feb. 4, 2025, 3:14 p.m.

Description

A new AsyncRAT malware campaign has been identified that delivers its payloads through TryCloudflare quick tunnels and Python packages. The attack chain begins with a phishing email containing a Dropbox URL that leads to a ZIP file holding an internet shortcut. Opening the shortcut triggers a series of downloads that ultimately execute AsyncRAT through Python scripts. The campaign relies on legitimate infrastructure such as Dropbox and TryCloudflare to evade detection, using a multi-step process of LNK, JavaScript and BAT files that culminates in the extraction of the malicious Python scripts. The attackers then use process injection to place shellcode into legitimate processes such as notepad.exe and explorer.exe. The approach illustrates the evolving nature of these threats and the abuse of legitimate services for malicious purposes.
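
The chain above (script host, shell, Python interpreter dropped in a user-writable directory, a TryCloudflare tunnel contacted from a non-browser process, and a remote thread into notepad.exe or explorer.exe) gives a defender several telemetry pivots. The following is an added example, not code from the page or from any vendor: a small triage routine run over constructed, Sysmon-style events. The event shape, the rule names and the sample values are all assumptions made for illustration; the TryCloudflare hostname is a placeholder.

```python
import re
from typing import Dict, List

# Constructed sample events (not from the page). The shape loosely follows
# Sysmon process-creation, network-connection and CreateRemoteThread events.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "process", "parent": "explorer.exe", "image": "wscript.exe",
     "cmdline": 'wscript.exe "C:\\Users\\u\\AppData\\Local\\Temp\\invoice.js"'},
    {"type": "process", "parent": "wscript.exe", "image": "cmd.exe",
     "cmdline": 'cmd.exe /c "C:\\Users\\u\\AppData\\Local\\Temp\\run.bat"'},
    {"type": "process", "parent": "cmd.exe", "image": "python.exe",
     "cmdline": 'C:\\Users\\u\\AppData\\Local\\Temp\\py\\python.exe loader.py'},
    {"type": "network", "image": "python.exe",
     "dest": "placeholder-words-here.trycloudflare.com"},   # placeholder hostname
    {"type": "remote_thread", "source": "python.exe", "target": "notepad.exe"},
    # Benign noise that the rules must not flag:
    {"type": "process", "parent": "explorer.exe", "image": "chrome.exe",
     "cmdline": "chrome.exe"},
    {"type": "network", "image": "chrome.exe", "dest": "www.dropbox.com"},
    {"type": "process", "parent": "cmd.exe", "image": "python.exe",
     "cmdline": 'C:\\Python312\\python.exe build.py'},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
PYTHON = {"python.exe", "pythonw.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
INJECTION_TARGETS = {"notepad.exe", "explorer.exe"}
# Directories a standard user can write to; a Python interpreter or script
# running from here is unusual on a managed workstation.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)
TRYCLOUDFLARE = re.compile(r"(^|\.)trycloudflare\.com$", re.IGNORECASE)


def check_process(ev: Dict[str, str]) -> List[str]:
    """Rules for process-creation events; returns the names of rules that fired."""
    image = ev["image"].lower()
    parent = ev["parent"].lower()
    cmdline = ev.get("cmdline", "")
    hits = []
    if image in SCRIPT_HOSTS and USER_WRITABLE.search(cmdline):
        hits.append("script_host_runs_file_from_user_writable_dir")   # the JS stage
    if parent in SCRIPT_HOSTS and image in SHELLS:
        hits.append("script_host_spawns_shell")                       # JS -> BAT stage
    if image in PYTHON and USER_WRITABLE.search(cmdline):
        hits.append("python_interpreter_in_user_writable_dir")        # dropped Python
    return hits


def check_network(ev: Dict[str, str]) -> List[str]:
    """Flag tunnel traffic from anything that is not a browser."""
    if ev["image"].lower() not in BROWSERS and TRYCLOUDFLARE.search(ev["dest"]):
        return ["trycloudflare_tunnel_from_non_browser"]
    return []


def check_remote_thread(ev: Dict[str, str]) -> List[str]:
    """Flag a remote thread created by a Python interpreter in a common host process."""
    if ev["source"].lower() in PYTHON and ev["target"].lower() in INJECTION_TARGETS:
        return ["remote_thread_into_host_process"]
    return []


CHECKS = {"process": check_process, "network": check_network,
          "remote_thread": check_remote_thread}


def triage(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run every rule over every event and return one finding per rule hit, in order."""
    findings: List[Dict[str, object]] = []
    for ev in events:
        for rule in CHECKS.get(ev["type"], lambda _e: [])(ev):
            findings.append({"rule": rule, "event": ev})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["rule"], "<-", f["event"])
```

Each rule alone is noisy (developers run Python from Downloads; helpdesk tools spawn cmd.exe), so the value is in the sequence: several rules firing within one process tree in a short window is the signal worth paging on. The Python-in-user-writable-directory rule is the one that generalises beyond this campaign, since any loader that ships its own interpreter lands in the same places.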

Date

Published: Feb. 1, 2025, 8:19 a.m.

Created: Feb. 1, 2025, 8:19 a.m.

Modified: Feb. 4, 2025, 3:14 p.m.

Attack Patterns

VenomRat

XWorm

AsyncRAT

T1059.006

T1059.001

T1571

T1204.002

T1573

T1129

T1106

T1055

T1204

T1027

T1566