Verticals Targeted: Software Development
Executive Summary
An ongoing social engineering campaign was observed targeting software developers. The threat actors use fake interviews to deliver a Python-based RAT, known as DevPopper.
Verticals Targeted: Government
Executive Summary
DISGOMOJI is a RAT controlled via emojis sent over Discord. It was recently observed targeting government entities in India.
Executive Summary
XWorm is a .NET based, modular, multi-purpose malware family most often used as a RAT. CERT Polska analyzed an Xworm sample distributed via malspam containing an .lzh file.
Executive Summary
Threat actors affiliated with Qakbot were observed distributing Ransom Knight ransomware and Remcos RAT.
Related Families: AsyncRAT
Verticals Targeted: Consumer Services
Executive Summary
DcRAT is a clone of AsyncRAT and is used for remote access and stealing information. It also has ransomware capabilities. DcRAT has distributed via adult content-themed lures, including lures for OnlyFans pages.
Related Families: AhMyth
Executive Summary
AhRAT, an Android RAT, was disguised as the iRecorder app. This malicious version of the iRecorder app is capable of recording audio and exfiltrating files from a victim’s device.
Related Families: Sword2033
Executive Summary
China nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.