Verticals Targeted: Financial, Enterprises
Regions Targeted: Not specified
Related Families: Ermac, Brokewell
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: Snowlight dropper
Executive Summary
VShell is a sophisticated Go-based backdoor targeting Linux systems through a novel infection chain that weaponizes filenames in RAR archives. This malware, linked to Chinese APT groups, exploits common shell scripting practices to execute malicious Bash payloads, delivering a stealthy, memory-resident backdoor capable of remote control, file operations, and network tunneling.
Verticals Targeted: Financial
Regions Targeted: Hong Kong, United Arab Emirates, Lebanon, Malaysia, Jordan
Related Families: AsyncRAT, AwesomePuppet, Gh0st RAT
Executive Summary
GodRAT is a RAT derived from the Gh0st RAT codebase. It was observed targeting financial institutions via malicious .scr and .pif files distributed through Skype. Leveraging steganography and additional plugins like FileManager, GodRAT facilitates credential theft and system exploration.
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: AHK Bot, Skitnet/Bossnet
Verticals Targeted: Public Sector, Aviation
Regions Targeted: Middle East
Related Families: None
Executive Summary
Charon is a new ransomware family employing advanced APT-style techniques, targeting Middle Eastern public sector and aviation organizations with tailored ransom demands. Its sophisticated attack chain, including DLL sideloading and process injection, underscores the growing convergence of ransomware and APT tactics.
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None
Executive Summary
Researchers have uncovered Plague, a previously undetected Linux backdoor masquerading as a malicious Pluggable Authentication Module (PAM) to enable persistent SSH access and authentication bypass. This implant's layered obfuscation and environment tampering allow it to evade detection, persisting across system updates with minimal forensic traces.
Verticals Targeted: Government, Healthcare, Manufacturing, Transportation, Law and Consulting, IT, Agriculture
Regions Targeted: Brazil, Japan, Canada, Turkey, South Korea, Taiwan, United States
Related Families: Conti
Executive Summary
Gunra ransomware has debuted a Linux variant that boosts encryption speed and flexibility, signaling a shift toward broader cross-platform attacks following its initial Windows campaigns.
Verticals Targeted: Government
Regions Targeted: US
Related Families: StealC, RedLine, NetSupport RAT, DeerStealer, HijackLoader, SectopRAT
Executive Summary
CastleLoader, a versatile malware loader, has infected 469 devices since May 2025, leveraging Cloudflare-themed ClickFix phishing and fake GitHub repositories to deliver information stealers and RATs. Its sophisticated attack chain, high infection rate, and modular design make it a significant threat to organizations, particularly U.S. government entities.