Tag: multi-stage

14 Attack Reports | 0 Vulnerabilities

Attack reports

Malicious VSCode Extension Launches Multi-Stage Attack Chain with Anivia Loader and OctoRAT

A malicious Visual Studio Code extension named 'prettier-vscode-plus' was discovered on the official VSCode Marketplace, impersonating the legitimate Prettier formatter. This extension served as the entry point for a multi-stage malware chain, starting with the Anivia loader, which decrypted and ex…
supply-chain
developers
process-hollowing
extension
multi-stage
vscode
uac-bypass
2025-12-04
remote-access-toolkit
anivia
octorat
Published: December 4, 2025
Downloadable IOCs: 8

ClickFix Gets Creative: Malware Buried in Images

A multi-stage malware execution chain originating from a ClickFix lure has been discovered, leading to the delivery of infostealing malware like LummaC2 and Rhadamanthys. The campaign utilizes steganography to hide malicious code within PNG images. Two distinct ClickFix lures were observed: a stand…
social engineering
lummac2
rhadamanthys
infostealer
steganography
clickfix
multi-stage
2025-11-24
windows update
Published: November 24, 2025
Downloadable IOCs: 32

Deconstructing a Cyber Deception: An Analysis of the Clickfix HijackLoader Phishing Campaign

This analysis delves into the HijackLoader malware campaign, which has gained prominence since 2023 for its sophisticated payload delivery and evasion techniques. The campaign initiates with a CAPTCHA-based phishing attack, progressing through multiple stages of obfuscated PowerShell scripts. It em…
obfuscation
phishing
powershell
infostealer
hijackloader
lumma
deerstealer
anti-vm
multi-stage
castleloader
2025-09-12
castlebot
nekostealer
Published: September 12, 2025
Downloadable IOCs: 14

APT MuddyWater Targets CFOs with Multi-Stage Phishing & NetBird Abuse

A sophisticated spear-phishing campaign, likely linked to APT MuddyWater, is targeting CFOs and finance executives across multiple continents. The attackers use Firebase-hosted phishing pages with custom CAPTCHA challenges, malicious VBS scripts, and multi-stage payload delivery to deploy NetBird, …
apt
remote-access
finance
spear-phishing
multi-stage
vbs
firebase
2025-08-21
ateraagent
cfo
netbird
Published: August 21, 2025
Downloadable IOCs: 0

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

A malware campaign utilizing malvertising has been distributing PS1Bot, a sophisticated multi-stage framework implemented in PowerShell and C#. PS1Bot features modular design, enabling information theft, keylogging, reconnaissance, and persistent system access. The malware minimizes artifacts and u…
malvertising
powershell
cryptocurrency
modular
in-memory execution
information stealer
multi-stage
c#
2025-08-12
ahk bot
ps1bot
skitnet
Published: August 12, 2025
Downloadable IOCs: 0

Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal

A sophisticated malware campaign called JSCEAL is targeting cryptocurrency users through fake apps impersonating popular trading platforms. The attackers use malicious ads to lure victims into downloading installers that deploy a multi-stage infection chain. This includes PowerShell scripts for pro…
evasion
malvertising
powershell
cryptocurrency
stealer
node.js
multi-stage
fake apps
2025-07-31
jsceal
jsc
Published: July 31, 2025
Downloadable IOCs: 268

A New Breed of Infostealer

A newly discovered .NET-based infostealer, Chihuahua Stealer, combines common malware techniques with advanced features. The infection begins with an obfuscated PowerShell script shared via Google Drive, initiating a multi-stage payload chain. Persistence is achieved through scheduled tasks, and th…
powershell
infostealer
exfiltration
persistence
encryption
.net
multi-stage
2025-05-13
browser-data
chihuahua stealer
crypto-wallets
Published: May 13, 2025
Downloadable IOCs: 8

Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources

This article discusses a new obfuscation technique used by threat actors to conceal malware within bitmap resources embedded in seemingly benign 32-bit .NET applications. The malware employs a multi-stage process to extract, deobfuscate, load, and execute secondary payloads, ultimately leading to t…
obfuscation
steganography
malspam
.net
agent tesla
remcos rat
multi-stage
xloader
2025-05-09
bitmap
Published: May 9, 2025
Downloadable IOCs: 0

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

An investigation of nine malware samples revealed FOG ransomware being distributed by cybercriminals impersonating the Department of Government Efficiency (DOGE). The ransomware, spread via email and phishing attacks, is concealed in a ZIP file named 'Pay Adjustment.zip'. The infection chain involv…
phishing
ransomware
foggyweb
privilege escalation
data exfiltration
sandbox evasion
multi-stage
2025-04-21
doge
Published: April 21, 2025
Downloadable IOCs: 6

SnakeKeylogger: Multistage Info Stealer Malware Analysis & Prevention

SnakeKeylogger is a highly active credential-stealing malware targeting individuals and businesses. It employs a multi-stage infection chain, starting with malicious spam emails containing .img files. The malware uses sophisticated techniques like process hollowing and obfuscation to evade detectio…
obfuscation
credential-theft
process-hollowing
multi-stage
snakekeylogger
info-stealer
2025-03-25
spam-email
apache-server
Published: March 25, 2025
Downloadable IOCs: 2

StaryDobry campaign targets gamers with XMRig miner

A cybercriminal campaign launched on December 31 exploited reduced vigilance during the holiday season by distributing trojanized versions of popular games via torrent sites. The attack, which lasted a month, affected users worldwide by spreading the XMRig cryptominer. The sophisticated infection c…
xmrig
cryptomining
defense evasion
gaming
multi-stage
2025-02-18
torrents
resource spoofing
Published: February 18, 2025
Downloadable IOCs: 15

LegionLoader exposed!

LegionLoader, also known as Satacom, CurlyGate, and RobotDropper, is an active downloader malware that has gained significant traction recently, amassing over 2,000 samples in weeks. The campaign appears to have started on December 19, 2024, with Brazil being the most affected country. The malware …
brazil
downloader
drive-by download
anti-sandbox
msi
multi-stage
legionloader
robotdropper
2025-02-10
satacom
dll injection
curlygate
Published: February 10, 2025
Downloadable IOCs: 108

Dissecting A Multi-Stage PowerShell Campaign Using Chisel

A sophisticated multi-stage PowerShell campaign has been identified, utilizing an LNK file to initiate a sequence of obfuscated scripts. The attack maintains persistence and stealth by connecting with a command-and-control server. It employs Chisel, a fast TCP/UDP tunneling tool, and a Netskope pro…
powershell
persistence
lateral movement
lnk file
multi-stage
command-and-control
2024-11-12
chisel
Published: November 12, 2024
Downloadable IOCs: 17

Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack

A sophisticated malware campaign targeting cryptocurrency enthusiasts has been uncovered, utilizing multiple attack vectors including a malicious Python package on PyPI and deceptive GitHub repositories. The multi-stage malware, disguised as cryptocurrency trading tools, aims to steal sensitive dat…
supply-chain
cryptocurrency
data-theft
social-engineering
pypi
github
2024-11-04
multi-stage
gui
cryptoaitools
Published: November 4, 2024
Downloadable IOCs: 2
Click here to see more Attack Reports