Inside a VenomRAT Malware Campaign
Essential information
- Published
- 29/05/2025 00:54
- Modified
- 29/05/2025 07:13
- Tags
- 2025-05-29 command and control credential-theft open-source malware phishing remote access trojan silenttrinity stormkitty venomrat
- Related entities
- 35 observables, 20 techniques (mitre), 3 malware, 1 others
Description
A malicious campaign utilizing VenomRAT, a Remote Access Trojan, is analyzed. The attackers use a fake Bitdefender download website to spread malware, including VenomRAT, StormKitty, and SilentTrinity. These tools work together to provide initial access, steal credentials, and maintain long-term hidden access. The campaign's infrastructure includes multiple command and control servers and phishing sites impersonating banks and IT services. The analysis reveals the attackers' focus on harvesting financial credentials and crypto wallets while establishing persistent access for potential exploitation or sale. This campaign highlights the growing trend of sophisticated, modular malware built from open-source components, posing a significant threat to everyday internet users.