fileless attack
-
DEAD#VAX campaign mounts IPFS VHDs to deliver in-memory AsyncRAT
Researchers disclosed DEAD#VAX, a campaign that uses IPFS-hosted VHD files to mount virtual drives and deploy AsyncRAT as encrypted shellcode run in memory, avoiding disk-based artifacts and complicating detection.
-
APT36 uses weaponized LNK files to target Indian government entities
A multi-stage fileless campaign attributed to APT36 used oversized .lnk shortcuts embedding PDFs to deliver HTA loaders and in-memory .NET DLLs targeting Indian government systems. The malware adapts persistence to installed antivirus and uses encrypted C2.
-
Phishing campaign impersonates Ukrainian police to deliver data stealer and cryptominer
FortiGuard Labs reported a fileless phishing campaign impersonating Ukraine’s National Police that uses malicious SVG attachments to deliver Amatera Stealer and PureMiner, harvesting credentials and installing a cryptominer on Windows systems.
