All news with #countloader tag

AdaptixC2 Abused by Ransomware Operators Worldwide

⚠️ Silent Push reports a surge in malicious use of AdaptixC2, an open-source adversarial emulation framework that researchers say is now being delivered by the CountLoader malware as part of active ransomware operations. Deployments accelerated after new detection signatures were released, and public incident reports show increased sightings across multiple intrusions. Analysts flagged the developer alias RalfHacker and issued indicators covering Golang C2 traffic and unknown C++/QT executables.

Researchers Expose SVG and PureRAT Phishing Threats

📧 Fortinet FortiGuard Labs and other researchers detailed phishing campaigns that weaponize malicious SVG attachments to initiate downloads of password-protected ZIP archives and Compiled HTML Help (CHM) files. Those CHM files activate loader chains that deliver CountLoader as a distribution stage for Amatera Stealer and the stealthy .NET miner PureMiner, both run filelessly via .NET AOT and memory-loading techniques. Separately, Huntress attributes a Vietnamese-speaking operator using copyright-themed lures that escalate from PXA Stealer to the modular backdoor PureRAT.