All news with #castleloader tag

TAG-150 Develops CastleRAT: Python and C Variants Now

🛡️ Recorded Future links the activity of TAG-150 to a new remote access trojan, CastleRAT, available in both Python and C variants that collect system data, fetch additional payloads, and execute commands via CMD and PowerShell. The Python build is tracked as PyNightshade, while eSentire and others refer to related tooling as NightshadeC2. Researchers observed Steam-profile dead drops, a multi-tiered C2 layout, and distribution through CastleLoader-assisted phishing and fake GitHub repositories. Operators use Cloudflare-themed "ClickFix" lures and deceptive domains to deliver loaders and downstream stealers and RATs.