Threats Tagged 'multi-stage infection'
AsyncRAT and Remcos Delivered in Multi-Stage Phishing Campaign
A widespread phishing campaign is distributing AsyncRAT and Remcos remote access trojans (RATs) via malicious Excel spreadsheets. The emails impersonate legitimate business communications such as purchase orders and payment advice. Enabling macros triggers VBA code that downloads HTA payloads using URL shorteners and Cloudflare Workers. The infection chain is multi-stage and heavily obfuscated, employing Base64 encoding, steganography in PNG files, and character substitution. The campaign intensified in June 2026 and targets organizations globally across multiple industries.
Source: AlienVault OTX General | Published: 07/03/2026, 02:26:44 UTC | Added: 07/03/2026, 07:06:38 UTC

An unknown actor distributes malicious VBS scripts via WhatsApp
An active malware campaign has been discovered distributing malicious VBScript files through WhatsApp direct messages since June 2026. The operation affects users across multiple countries, with Malaysia experiencing the highest concentration of victims. Attackers compromise WhatsApp accounts and send weaponized VBS files disguised as business and financial documents to contacts. The multi-stage infection chain ultimately deploys legitimate ManageEngine Endpoint Central RMM software, providing persistent remote access to compromised systems. The scripts employ heavy obfuscation, Chinese-language comments, and modify Windows UAC settings. Infrastructure overlaps with ValleyRAT and Gh0st RAT operations suggest possible Chinese-speaking operators, though attribution remains uncertain. The campaign primarily targets individual users through opportunistic rather than focused methods, exploiting social engineering techniques with localized filenames in multiple languages.
Source: AlienVault OTX General | Published: 06/22/2026, 11:01:01 UTC | Added: 06/22/2026, 20:24:23 UTC

Threat Actors Weaponize AI Hype to Deliver AsyncRAT
A sophisticated malware campaign exploits growing interest in artificial intelligence by distributing malicious files disguised as AI-related learning resources and technical guides. The attack employs an exceptionally complex multi-stage infection chain beginning with compressed archives containing LNK shortcuts and hidden PDF files. Through multiple layers of obfuscation involving PowerShell scripts, batch files, and AutoHotkey loaders, the campaign establishes persistent access and deploys two distinct .NET Remote Access Trojans, including AsyncRAT. The intermediate scripts extensively use Simplified Chinese variable names and exhibit coding patterns suggesting AI-assisted development, with cultural references to Chinese mythology used as symbolic aliases for Windows API calls. The attack implements advanced techniques including process hollowing, reflective DLL injection, and scheduled task persistence while actively disabling Windows Defender exclusions to facilitate execution.
Source: AlienVault OTX General | Published: 06/11/2026, 16:31:56 UTC | Added: 06/15/2026, 19:30:18 UTC