A new malware campaign built around the HanGhost loader is actively targeting corporate environments, focusing on employees involved in payments, logistics, and contract operations. The attack is designed to operate without leaving clear artifacts, enabling it to reach systems linked to revenue and operations before they are fully analyzed. The campaign has already shown multiple waves of activity with different malware families, indicating active development and scaling rather than a one-off
dotnet (2)
A phishing campaign recently observed in the wild delivers a new variant of XWorm.
XWorm is a multi-functional Remote Access Trojan (RAT) first identified in 2022 that remains actively distributed, including through Telegram-based marketplaces. Once deployed, it provides attackers with full remote control of compromised Windows systems. This campaign relies on multiple phishing emails that employ social engineering to trick recipients into opening a malicious attachment. The following an