Tag: multi-stage infection

10 Attack Reports | 0 Vulnerabilities

Attack reports

Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT

This report details two interconnected malware campaigns targeting Chinese-speaking users in 2025, using large-scale brand impersonation to deliver Gh0st RAT variants. The first campaign, active from February to March, mimicked three brands across over 2,000 domains. The second campaign, starting i…
gh0st rat
dll side-loading
brand impersonation
chinese-speaking targets
multi-stage infection
cloud infrastructure
2025-11-15
domain generation
Published: November 15, 2025
Downloadable IOCs: 0

Batavia spyware steals data from Russian organizations

The Batavia spyware campaign, active since July 2024, targets Russian industrial enterprises through phishing emails containing malicious links disguised as contract documents. The infection process involves three stages: a VBS script downloader, the WebView.exe spyware, and the javav.exe module. T…
phishing
spyware
uac bypass
multi-stage infection
2025-07-07
vbs script
webview.exe
batavia
javav.exe
Published: July 7, 2025
Downloadable IOCs: 2

Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation

This article analyzes two new variants of the KimJongRAT stealer: a Portable Executable (PE) variant and a PowerShell implementation. Both variants use a multi-stage infection process, starting with a Windows shortcut (LNK) file that downloads a dropper from a content delivery network. The PE varia…
powershell
cryptocurrency
stealer
multi-stage infection
browser extensions
2025-06-17
kimjongrat
content delivery network
Published: June 17, 2025
Downloadable IOCs: 0

New 'Chihuahua Stealer' Targets Browser Data and Crypto Wallets

A novel infostealer named Chihuahua Stealer has been detected, blending standard malware techniques with advanced features. This .NET-based malware employs a multi-stage PowerShell script infection process, utilizing Base64 encoding, hex-string obfuscation, and scheduled tasks for persistence. It t…
powershell
infostealer
.net
multi-stage infection
crypto wallets
browser data
2025-05-14
chihuahua stealer
aes-gcm
Published: May 14, 2025
Downloadable IOCs: 2

Russian COLDRIVER Hackers Deploy LOSTKEYS Malware to Steal Sensitive Information

The Google Threat Intelligence Group has identified a sophisticated malware called LOSTKEYS, attributed to the Russian government-backed threat actor COLDRIVER. Active since December 2023, LOSTKEYS represents an evolution in COLDRIVER's toolkit, targeting high-value entities such as NATO government…
powershell
ukraine
captcha
nato
multi-stage infection
ngo
lostkeys
2025-05-10
intelligence collection
russian hackers
western governments
Published: May 10, 2025
Downloadable IOCs: 0

Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure

An ongoing malware campaign is distributing Lumma Stealer, an information-stealing malware, through malicious LNK files disguised as PDF documents. The campaign exploits compromised educational institutions' infrastructure to host these files. When executed, the LNK files initiate a multi-stage inf…
phishing
lumma stealer
information stealing
maas
lnk files
multi-stage infection
2025-02-17
steam profiles
educational institutions
pdf-themed
Published: February 17, 2025
Downloadable IOCs: 24

XWorm: Analyzing New Infection Tactics With Old Payload

A recent malware campaign utilizes a multi-stage infection chain starting with a LNK file that lures victims into opening an invoice in a web browser. The attack involves PowerShell commands, batch files, and Python scripts to download and execute the XWorm payload. The infection process includes d…
xworm
python
powershell
keylogging
lnk file
shellcode injection
multi-stage infection
2024-12-04
Published: December 4, 2024
Downloadable IOCs: 0

Analysis of AsyncRAT's Infection Tactics via Open Directories

This analysis explores two distinct methods used to infect systems with AsyncRAT through open directories. The first technique involves a multi-stage process using various obfuscated scripts (VBS, BAT, PowerShell) and disguised files to download and execute the AsyncRAT payload. The second method e…
obfuscation
powershell
asyncrat
remote access trojan
multi-stage infection
2024-11-07
vbs
scheduled tasks
bat
open directories
Published: November 7, 2024
Downloadable IOCs: 15

New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

A command-and-control framework called Winos 4.0 is being distributed through gaming-related applications, targeting Chinese-speaking users. The malware, rebuilt from Gh0st RAT, uses a multi-stage infection process involving fake BMP files, DLLs, and shellcode. It can harvest system information, ca…
gh0st rat
cryptocurrency wallets
multi-stage infection
2024-11-06
command-and-control
winos 4.0
optimization apps
Published: November 6, 2024
Downloadable IOCs: 2

Notorious WrnRAT Delivered Mimic As Gambling Games

Cybersecurity analysts have uncovered a sophisticated malware operation targeting online gambling platforms. Threat actors are distributing the WrnRAT malware by disguising it as popular Korean gambling games. The multi-stage infection process involves a batch script, followed by a .NET-based dropp…
korea
gambling
screen capture
2024-10-29
pyinstaller
wrnrat
multi-stage infection
financial exploitation
Published: October 29, 2024
Downloadable IOCs: 5
Click here to see more Attack Reports