网络安全研究人员披露了一项多阶段恶意软件攻击活动，该活动使用批处理脚本作为传播路径，投放XWorm、AsyncRAT和Xeno RAT等加密远程访问木马载荷。攻击链被命名为VOID#GEIST，通过混淆批处理脚本部署第二阶段脚本，植入合法Python运行时，并解密加密的shellcode。现代恶意软件越来越多地转向复杂的基于脚本的传播框架，模仿合法用户活动以规避检测。

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...

The Evilnum APT has added the RAT to its arsenal as part of a big change-up in its TTPs. The Evilnum group, which specializes in targeting financial technology companies, has debuted a new tool: A ...

The Evilnum advanced persistent threat (APT) group has adopted a new Python remote access Trojan (RAT) to target financial tech organizations with well-crafted spear-phishing attacks. This is one of ...

A new Python-based malware has been spotted in the wild featuring remote access trojan (RAT) capabilities to give its operators control over the breached systems. Named PY#RATION by researchers at ...

Evilnum, a group known for targeting financial technology companies, has added new malware and infection tricks to its arsenal, researchers warn. The group is suspected of offering APT-style ...