
"The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating brands including Surfshark VPN, Signal, Telegram, Zoom, Microsoft Teams, and others."
"The discovery of AtlasCross RAT represents an evolution of the threat actor's arsenal from Gh0st RAT derivatives like ValleyRAT, Gh0stCringe, and HoldingHands RAT."
"The attack chains involve using bogus websites as lures to trick users into downloading ZIP archives containing an installer that drops a trojanized Autodesk binary along with the legitimate decoy application."
"The majority of fake websites were registered in a single day on October 27, 2025, indicating a deliberate approach behind the campaign."
Chinese-speaking users are targeted by a campaign using typosquatted domains to deliver the AtlasCross RAT. This operation involves impersonating trusted software brands like Surfshark VPN, Signal, and Zoom. The Silver Fox cybercrime group is behind this activity, and AtlasCross RAT marks an evolution of its arsenal from previous threats like Gh0st RAT. Attack chains utilize bogus websites to lure users into downloading trojanized installers. The majority of fake websites were registered on October 27, 2025, indicating a coordinated effort to execute this campaign.
Read at The Hacker News