Malware

A collection of 151 posts
BatShadow launches Vampire Bot in fake job campaigns
VampireBot

BatShadow launches Vampire Bot in fake job campaigns

Threat Group – BatShadow Group Threat Type – Multi-stage info-stealer and remote access bot Exploited Vulnerabilities – Social engineering, Windows default “hide known file extensions,” LNK-launched encoded PowerShell, abuse of legitimate remote access software for persistence Malware Used – Vampire Bot (Go-compiled) Threat Score – 7.6 🔴 High — Multi-stage chain with LNK→PowerShell execution, behaviour-evasive
7 min read
LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure
Ransomware

LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure

Threat Group – LockBit operators Threat Type – Ransomware as a Service Exploited Vulnerabilities – Exposed remote access services, unpatched internet facing infrastructure, valid credential reuse, weak virtualisation hardening Malware Used – LockBit 5.0 Windows Linux and ESXi variants Threat Score – 7.5 🔴 High – Cross platform impact with ESXi targeting, rapid encryption, and
6 min read
BRICKSTORM new Windows variant expands targeting of legal and technology sectors
$BRICKSTORM

BRICKSTORM new Windows variant expands targeting of legal and technology sectors

Threat Group – China-nexus UNC5221 Threat Type – Espionage backdoor and post-exploitation toolkit Exploited Vulnerabilities – Ivanti Connect Secure auth-bypass and command injection (CVE-2023-46805, CVE-2024-21887), Ivanti Connect Secure RCE buffer overflow (CVE-2025-22457), weak edge-appliance hardening, exposed management interfaces, valid-credential reuse Malware Used – BRICKSTORM backdoor with file-manager UI and network tunnelling; associated tooling and
6 min read
COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain
COLDRIVER

COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain

Threat Group – COLDRIVER Threat Type – Espionage malware and social engineering Exploited Vulnerabilities – User execution via ClickFix lure, abuse of rundll32, script execution and registry-based persistence (no CVEs assigned) Malware Used – BAITSWITCH downloader, SIMPLEFIX PowerShell backdoor, LOSTKEYS VBS payload, SPICA backdoor Threat Score – 8.2 🔴 High Last Threat Observation – 25 September
7 min read
Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control
Phishing

Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control

Threat Group: Transparent Tribe / APT36 / Mythic Leopard / G0134 Threat Type: Targeted phishing dropper, Linux desktop shortcut abuse, remote administration tool deployment, cyber espionage Exploited Vulnerabilities: No public CVE exploitation confirmed. Abuse of Linux .desktop launcher behaviour, user execution, weak attachment controls, and trusted cloud storage delivery. Malware Used: Sindoor Dropper
5 min read
Skype Delivered SCR and PIF Files Deploy GodRAT Malware in Financial Campaigns
Malware

Skype Delivered SCR and PIF Files Deploy GodRAT Malware in Financial Campaigns

Threat Group: Winnti (APT41) – suspected attribution based on code lineage and targeting Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social engineering via Skype delivering malicious .SCR and .PIF files containing steganographic shellcode in JPEGs and DLL sideloading Malware Used: GodRAT – evolution of Gh0st RAT and AwesomePuppet, featuring plugin-based architecture
4 min read