AsyncRAT Campaign Continues to Evade Endpoint Detection
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A wide-ranging phishing campaign has been identified that enables threat actors to bypass traditional security controls and delay detection. The campaign, tracked since 2024, has facilitated remote surveillance, credential theft, lateral movement, data exfiltration, and ransomware across numerous organizations. The likely new or rebranded cybercriminal group behind this campaign uses legitimate services like TryCloudflare to host and deliver highly evasive malware such as AsyncRAT and other Remote Access Trojans. This malware allows threat actors to remotely control infected networks throughout the full attack lifecycle. The campaign targets organizations globally across multiple sectors without industry preference, using widely available malware and difficult-to-detect techniques involving Python scripts, obfuscated batch scripts, trusted cloud services, and dynamic infrastructure.
OPENCTI LABELS:
phishing, remote access trojan, xworm, venomrat, obfuscation, remcos, asyncrat, purehvnc, cybercriminal, cloud services, trycloudflare, python scripts, endpoint evasion