New Botnet Emerges from the Shadows: NightshadeC2
Sept. 5, 2025, 2:46 p.m.
Description
A new botnet called NightshadeC2 has been identified. It employs sophisticated techniques to bypass malware analysis sandboxes and to exclude itself from Windows Defender, uses a 'UAC Prompt Bombing' technique, and exists in both C and Python variants. Its capabilities include reverse shell, file execution, self-deletion, remote control, screen capture, hidden web browsers, and keylogging. It is distributed through ClickFix attacks and trojanized legitimate software. The botnet encrypts its C2 communication and gathers victim information. It also employs various persistence mechanisms and can bypass certain sandbox environments. The discovery highlights the evolving sophistication of malware and the need for advanced detection and response capabilities.
Date
- Created: Sept. 5, 2025, 10:46 a.m.
- Published: Sept. 5, 2025, 10:46 a.m.
- Modified: Sept. 5, 2025, 2:46 p.m.