Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

ModuleInstaller

SideWinder adopts ClickOnce-based infection chain in South Asia espionage campaign

Cybercrime, News, Research, Risk

October 28, 2025

Researchers say the SideWinder group used a new ClickOnce‑based infection chain alongside Word exploits in spear‑phishing waves from March to September 2025 to deliver ModuleInstaller and the StealerBot implant against diplomatic and government targets in South Asia.

About
Editorial Policy
Privacy
Contact