CastleRAT attack first to abuse Deno JavaScript runtime to evade enterprise security

Description

A sophisticated infection chain has been discovered that installs CastleRAT malware without leaving traces on disk. The attack uniquely abuses the Deno runtime as a malicious framework, combining social engineering, steganography, and in-memory execution to evade detection. The process involves tricking users into executing a command, installing Deno, running obfuscated JavaScript, and decoding a payload hidden in a JPEG image. CastleRAT then gains total control, performing host fingerprinting, keylogging, clipboard hijacking, digital identity theft, and audio/video surveillance. This campaign demonstrates the evolution of malware towards invisibility and the need for advanced endpoint behavioral monitoring to detect such threats.