
Threat Alerts

Your place for the latest CyberProof cyber threat intelligence alerts and updates


North Korean Threat Actors Deploy PylangGhost RAT variant

23-Jun-2025
Label: Threat Advisory
Threat Level: Medium

A North Korean-aligned threat actor group has developed a new Python-based remote access trojan called “PylangGhost,” representing a significant evolution in their attack capabilities. This malware shares functional similarities with the previously documented GolangGhost RAT and specifically targets employees with cryptocurrency and blockchain experience through sophisticated social engineering campaigns. The attacks primarily affect users in India, though the scope remains limited based on current intelligence, and demonstrate the threat actors’ continued focus on financial gain through both credential theft and fraudulent employment schemes.

The attack chain begins with fake job recruitment websites impersonating legitimate companies in the cryptocurrency sector, where victims are lured through skill-testing pages that eventually request camera access for video interviews. When users attempt to enable their cameras, they receive instructions to copy and paste malicious commands that allegedly install necessary video drivers. These commands download ZIP files containing the PylangGhost modules along with Visual Basic scripts that extract and execute the Python-based trojan. The malware establishes persistence through registry modifications and communicates with command and control servers using RC4 encryption over HTTP.

PylangGhost consists of six well-structured Python modules that mirror the functionality of its Golang counterpart, supporting commands for system information gathering, file operations, remote shell access, and extensive browser credential theft from over 80 extensions including cryptocurrency wallets and password managers. The threat actors deploy different variants based on the target’s operating system, using the Python version for Windows systems while maintaining the Golang variant for macOS users, with Linux systems currently excluded from these campaigns.

New Amatera Stealer Raises the Bar for Info Stealers

23-Jun-2025
Label: Malware
Threat Level: Medium

A new malware-as-a-service offering known as Amatera Stealer has recently emerged, positioning itself as a more advanced evolution of the earlier ACR Stealer. Priced up to $1,499 annually, the tool enables a wide range of threat actors to steal sensitive data from victims, including browser credentials, messaging app content, and password manager entries. Its rising popularity and technical sophistication make it a growing concern across multiple sectors.

Amatera is distributed through ClearFake web injection campaigns, in which legitimate websites are compromised to display fake CAPTCHA prompts. Victims are socially engineered to run a malicious command using a technique called ClickFix, which tricks them into opening a system dialog and pasting in attacker-supplied code. This launches a multi-stage infection process that uses obfuscation techniques, bypasses built-in security like AMSI (Anti-Malware Scan Interface), and injects malware into legitimate system processes. It also uses EtherHiding, a tactic where malicious code is hidden inside blockchain smart contracts to avoid detection.

Technically, Amatera is built to evade modern security tools. It uses NTSockets, a low-level communication method that avoids standard Windows networking libraries, making its traffic harder to detect. It also relies on WoW64 syscalls, a way to execute system-level code while bypassing user-mode monitoring. For command-and-control, it connects through Cloudflare infrastructure using spoofed headers that make its traffic appear legitimate. These evasion strategies, combined with its broad data theft capabilities and ability to deploy additional malware, make Amatera one of the most capable info-stealers currently in circulation.

Water Curse’s Open-Source Malware Trap on GitHub

23-Jun-2025
Label: Threat Advisory
Threat Level: Medium

A newly identified threat campaign involves a malicious actor leveraging GitHub to distribute weaponized software repositories containing hidden malware. By embedding malware in seemingly legitimate tools, the attackers pose a significant supply chain risk, particularly to developers, security professionals, and red teamers who frequently rely on shared community code. The campaign’s impact is far-reaching, enabling credential theft, remote access, and long-term system control through concealed backdoors.

The infection chain begins when a user clones or compiles a seemingly legitimate GitHub project that contains hidden malicious scripts within its build configurations. This initiates a multistage execution process involving obfuscated scripts that fetch encrypted archives containing additional payloads. The malware employs anti-analysis, privilege escalation, and system modification techniques to maintain persistence. Electron-based binaries are extracted and executed, masquerading as legitimate applications while conducting reconnaissance, disabling security tools, and manipulating system settings to avoid detection.

Subsequent stages involve data collection and exfiltration of browser credentials, session tokens, and system information, with outbound connections made to file-sharing and messaging services for command-and-control and data upload. The malware leverages scheduled tasks to ensure continuity, hides within common user directories, and injects into trusted processes for stealth. This operation reflects a technically capable and financially motivated actor, targeting various digital communities through deceptive and persistent methods.

Critical Security Vulnerabilities in IBM QRadar SIEM

23-Jun-2025
Label: Vulnerability
Threat Level: Medium

IBM has disclosed three critical security vulnerabilities affecting its QRadar SIEM platform, versions 7.5 to 7.5.0 UP12 IF01, which pose significant risks to enterprise security operations. The vulnerabilities range from local information disclosure to remote code execution. The first flaw, CVE-2025-36050 (CVSS 6.2), involves sensitive information being stored in accessible log files, while CVE-2025-33121 (CVSS 7.1) represents an XML External Entity (XXE) injection vulnerability that allows remote attackers to expose sensitive data or cause denial-of-service conditions through memory exhaustion.

The most severe vulnerability, CVE-2025-33117 (CVSS 9.1), enables privileged users to manipulate QRadar’s configuration files and upload malicious autoupdate files, leading to arbitrary command execution and potential system compromise. This critical flaw could allow attackers to establish persistent backdoors or execute destructive payloads under the guise of legitimate updates.
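
The XXE class described for CVE-2025-33121 is usually closed at the input boundary rather than inside the parser. The following added example (not IBM's or QRadar's code) is a pre-parse guard that refuses any DTD, NUL byte or oversized document before the XML reaches Python's standard parser; the three sample documents are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Added example, not IBM's code. Any DOCTYPE or ENTITY declaration is refused
# outright: ordinary data exchange never needs an inline DTD, and both the
# external-entity data exposure and the entity-expansion memory exhaustion
# described for the XXE flaw depend on one.
_DTD_RE = re.compile(rb"<!\s*(DOCTYPE|ENTITY)", re.IGNORECASE)

class UnsafeXML(ValueError):
    pass

def parse_untrusted_xml(data: bytes, max_bytes: int = 1_000_000) -> ET.Element:
    """Parse XML from an untrusted source, refusing DTDs, NUL bytes and oversize input."""
    if len(data) > max_bytes:
        raise UnsafeXML(f"document exceeds {max_bytes} bytes")
    # NUL bytes are never legal XML; rejecting them also stops a UTF-16 encoded
    # document from slipping past the byte-oriented regex below.
    if b"\x00" in data:
        raise UnsafeXML("NUL byte in document")
    if _DTD_RE.search(data):
        raise UnsafeXML("DOCTYPE/ENTITY declarations are not allowed")
    return ET.fromstring(data)

def classify(data: bytes) -> str:
    """Summarise the guard's decision as 'ok', 'rejected' or 'parse-error'."""
    try:
        parse_untrusted_xml(data)
        return "ok"
    except UnsafeXML:
        return "rejected"
    except ET.ParseError:
        return "parse-error"

# Constructed samples: a benign event record, an external-entity probe with a
# placeholder path, and a small entity-expansion bomb.
BENIGN = b"<event><src>10.0.0.5</src><sev>3</sev></event>"
XXE_PROBE = (b'<?xml version="1.0"?><!DOCTYPE d [<!ENTITY x SYSTEM '
             b'"file:///PLACEHOLDER_PATH">]><event><src>&x;</src></event>')
EXPANSION_BOMB = (b'<!DOCTYPE d [<!ENTITY a "aaaaaaaaaa">'
                  b'<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">'
                  b'<!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">]><event>&c;</event>')

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("xxe", XXE_PROBE), ("bomb", EXPANSION_BOMB)]:
        print(name, classify(doc))
```

The regex is deliberately blunt: it rejects documents that merely mention a DTD, which is the right trade-off for an ingestion endpoint that never needs one.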

Critical WordPress Plugin Vulnerability Exposes 100,000 Sites to Privilege Escalation

23-Jun-2025
Label: Vulnerability
Threat Level: Medium

A severe privilege escalation vulnerability has been discovered in the AI Engine WordPress plugin, affecting over 100,000 active installations. The vulnerability, tracked as CVE-2025-5071 (CVSS Score 8.8), allows authenticated attackers with basic subscriber-level access to escalate their privileges to administrator level through insufficient authorization controls in the plugin’s Model Context Protocol (MCP) implementation.

The vulnerability stems from inadequate permission checks in the plugin’s MCP functionality, which enables AI agents to control and manage WordPress websites through various commands. The flawed authentication mechanism allows any logged-in user to access MCP endpoints by default, even when bearer token authentication is configured. Attackers can exploit this weakness by bypassing authentication checks and executing commands such as ‘wp_update_user’ to modify their own user roles, effectively granting themselves administrative privileges. The vulnerability specifically affects users who have enabled the Dev Tools and MCP module in their settings, though this feature is disabled by default.
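
To make the authorization gap concrete, the following added Python model (not the AI Engine plugin's PHP) puts the flawed gate, which only checks for a logged-in session, beside a hardened one that enforces the configured bearer token and a per-command capability; the command-to-capability mapping and the site token are assumptions of this example, and escalation_attempt replays a subscriber calling wp_update_user on their own account.

```python
import hmac
from dataclasses import dataclass, field

# Added model of the flaw described above, not the plugin's PHP. Role and
# capability names follow WordPress; the per-command mapping is an assumption.
ROLE_CAPS = {"subscriber": {"read"},
             "administrator": {"read", "edit_users", "promote_users"}}
COMMAND_CAPS = {"wp_get_user": "read", "wp_update_user": "promote_users"}

@dataclass
class User:
    id: int
    role: str
    logged_in: bool = True

@dataclass
class Site:
    users: dict = field(default_factory=dict)
    bearer_token: str = ""     # non-empty once the owner configures a token

def gate_flawed(site, user, token, command):
    # Bug pattern: a logged-in session is enough; token and capabilities are never checked.
    return user.logged_in

def gate_hardened(site, user, token, command):
    if not user.logged_in:
        return False
    # A configured token is mandatory and is compared in constant time.
    if site.bearer_token and (
            token is None or not hmac.compare_digest(token, site.bearer_token)):
        return False
    needed = COMMAND_CAPS.get(command)          # unmapped commands are denied
    return needed is not None and needed in ROLE_CAPS.get(user.role, set())

def run_command(site, user, token, command, args, gate):
    if not gate(site, user, token, command):
        return "denied"
    if command == "wp_update_user":
        target = site.users[args["id"]]
        target.role = args["role"]
        return f"user {target.id} is now {target.role}"
    return "not implemented in this example"

def escalation_attempt(gate):
    # A subscriber asks the endpoint to make their own account administrator.
    site = Site(bearer_token="constructed-site-token")
    sub = User(id=7, role="subscriber")
    site.users[7] = sub
    run_command(site, sub, None, "wp_update_user", {"id": 7, "role": "administrator"}, gate)
    return sub.role
```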

Widespread Sorillus RAT Campaign Targets European Organizations via Invoice-Themed Phishing

23-Jun-2025
Label: Malware
Threat Level: Medium

A new wave of phishing attacks leveraging the Sorillus Remote Access Trojan (RAT) has been observed targeting multiple European countries. The campaign exploits invoice-themed phishing emails to lure victims into downloading malicious Java-based payloads. These emails often include PDF attachments that redirect victims via OneDrive or Dropbox links to a MediaFire-hosted JAR file, which deploys Sorillus RAT.

Once executed, Sorillus establishes persistence, performs system reconnaissance, and communicates with its command-and-control server via tunnel proxies like Ngrok or LocaltoNet. The RAT boasts a wide range of capabilities including keylogging, screen and webcam recording, clipboard capture, and remote command execution. Variants of the malware have also been seen deploying secondary payloads like AsyncRAT. Despite the 2025 takedown of its commercial distribution site, cracked versions of Sorillus remain freely available on platforms such as Telegram and GitHub, ensuring its continued use by low- and mid-level threat actors. The use of Brazilian Portuguese in some components suggests the involvement of Brazilian Portuguese-speaking threat actors.
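
As an added example of turning this delivery chain into a detection, not part of CyberProof's advisory, the following Python correlates proxy log lines so that a .jar fetched from MediaFire shortly after the same client followed a OneDrive or Dropbox link is flagged; the log format, client addresses and download hostnames are constructed.

```python
import re
from datetime import datetime, timedelta

# Added detection example for the delivery chain above, not CyberProof's
# content. Log format, client addresses and hostnames are constructed.
LINE_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) host=(?P<host>\S+) path=(?P<path>\S+)")
SHARE_DOMAINS = ("onedrive.live.com", "1drv.ms", "dropbox.com")

def is_share_link(host):
    return any(host == d or host.endswith("." + d) for d in SHARE_DOMAINS)

def is_jar_from_mediafire(host, path):
    return (host == "mediafire.com" or host.endswith(".mediafire.com")) \
        and path.lower().endswith(".jar")

def correlate(lines, window_minutes=15):
    """Flag (client, url) for a MediaFire .jar fetched within window_minutes of a share-link hit."""
    window = timedelta(minutes=window_minutes)
    last_share = {}            # client -> time of its latest share-link hit
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                       # unparseable line, skip it
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        client, host, path = m["client"], m["host"], m["path"]
        if is_share_link(host):
            last_share[client] = ts
        elif is_jar_from_mediafire(host, path):
            seen = last_share.get(client)
            if seen is not None and timedelta(0) <= ts - seen <= window:
                hits.append((client, host + path))
    return hits

# Constructed sample: one full chain, a .jar with no preceding share link,
# a share link followed by a PDF, and a chain outside the 15-minute window.
SAMPLE_LOG = """\
2025-06-20T09:14:02Z client=10.1.2.33 host=onedrive.live.com path=/redir?id=x
2025-06-20T09:16:40Z client=10.1.2.33 host=download123.mediafire.com path=/f/Invoice_2025.jar
2025-06-20T09:20:11Z client=10.1.2.50 host=download777.mediafire.com path=/f/setup.jar
2025-06-20T09:31:05Z client=10.1.2.61 host=www.dropbox.com path=/s/abc/invoice.pdf
2025-06-20T09:33:30Z client=10.1.2.61 host=download555.mediafire.com path=/f/invoice.pdf
2025-06-20T10:00:00Z client=10.1.2.72 host=1drv.ms path=/u/s!xyz
2025-06-20T12:30:00Z client=10.1.2.72 host=download999.mediafire.com path=/f/late.jar
""".splitlines()

if __name__ == "__main__":
    for client, url in correlate(SAMPLE_LOG):
        print(f"ALERT {client} fetched {url} shortly after a OneDrive/Dropbox link")
```

A lone .jar from a file-sharing host (the second client) is not flagged by this rule on purpose; pair it with a separate lower-severity rule if JAR downloads are rare in the environment.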
