The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

CastleLoader

Aug 8, 2025 11:51:37 AM / by The Hivemind posted in Threat Bulletin, Phishing, Redline, Emerging Threat, PowerShell, StealC, ClickFix, CastleLoader, GitHub, DeerStealer, malware loader, NetSupport RAT

0 Comments

Verticals Targeted: Government
Regions Targeted: US
Related Families: StealC, RedLine, NetSupport RAT, DeerStealer, HijackLoader, SectopRAT


Executive Summary

CastleLoader, a versatile malware loader, has infected 469 devices since May 2025, leveraging Cloudflare-themed ClickFix phishing and fake GitHub repositories to deliver information stealers and RATs. Its sophisticated attack chain, high infection rate, and modular design make it a significant threat to organizations, particularly U.S. government entities.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts