The Vietnamese threat actor behind PXA Stealer has evolved its capabilities, deploying a sophisticated 10-stage attack chain culminating in PureRAT, a commercial .NET remote access trojan. The campaign demonstrates tactical maturity with DLL sideloading, multi-layer obfuscation, in-memory execution, and a progression from credential theft to full system surveillance, including hidden desktop access, webcam/microphone spying, and real-time keylogging.
Chinese-linked threat actors compromised over 100 systems across Taiwan, Japan, South Korea, and Hong Kong by weaponizing Nezha, an open-source monitoring tool, to deliver Gh0st RAT. The sophisticated attack chain exploited vulnerable phpMyAdmin panels using log poisoning techniques, deployed web shells via SQL injection, and used the Nezha agent for remote command execution before delivering the final payload.
A polished YouTube video promoting a fake TradingView AI feature nearly fooled security analysts with professional branding and clever social engineering, delivering NetSupport RAT through PowerShell to target crypto wallets.