Reddit NetSec

AlienVault OTX General

CVE Database V5

Reddit InfoSec News

Exploit-DB RSS Feed

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

A new botnet called NightshadeC2 has been identified, employing sophisticated techniques to bypass malware analysis sandboxes and exclude itself from Windows Defender. It uses a 'UAC Prompt Bombing' technique and has both C and Python variants. The botnet's capabilities include reverse shell, file execution, self-deletion, remote control, screen capture, hidden web browsers, and keylogging. It's being distributed through ClickFix attacks and trojanized legitimate software. The botnet uses encryption for C2 communication and gathers victim information. It also employs various persistence mechanisms and can bypass certain sandbox environments. The discovery highlights the evolving sophistication of malware and the need for advanced detection and response capabilities.

NightshadeC2 is a newly identified botnet campaign exhibiting advanced evasion and persistence techniques that significantly complicate detection and mitigation efforts. It employs sophisticated sandbox evasion methods, including the novel 'UAC Prompt Bombing' technique, which attempts to bypass Windows User Account Control (UAC) prompts to escalate privileges without user consent. The botnet is implemented in both C and Python variants, indicating modularity and adaptability across different environments. Its capabilities are extensive, including establishing reverse shells for remote command execution, executing arbitrary files, self-deletion to cover tracks, remote control functionalities, screen capture, hidden web browser instances, and keylogging to harvest sensitive user input. Distribution vectors include ClickFix attacks—likely leveraging social engineering or malicious redirects—and trojanized legitimate software, which increases the likelihood of successful infection by exploiting user trust in known applications. Communication with the command and control (C2) servers is encrypted, enhancing stealth and complicating network-based detection. NightshadeC2 also collects victim system information to tailor its operations and employs multiple persistence mechanisms to maintain footholds on infected systems. The botnet’s ability to bypass Windows Defender and evade sandbox environments highlights its advanced design aimed at long-term undetected presence. This threat underscores the evolving sophistication of malware campaigns, emphasizing the need for enhanced detection capabilities beyond traditional antivirus and sandboxing solutions.

Detailed information about New Botnet Emerges from the Shadows: NightshadeC2. Get real-time updates, technical details, and mitigation strategies.

Title	Severity	Type	Source	Date

Threats Tagged 'sandbox evasion'

Filter Threats

Threats Tagged 'sandbox evasion'

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility