The Horus Protector crypter uses a new delivery technique whose obfuscation makes detection more difficult. It uses VBE scripts to distribute malware including AgentTesla, Remcos, Snake and NjRat, among others. The method involves encoding malicious files and storing them in registry locations before they are executed. Notably, the execution process includes a check on the status of Windows Defender: the script terminates if Defender is active.
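A defender-side triage example for the registry staging described above, added here and not taken from any Horus Protector analysis: it flags long registry string values that decode to a PE image or to high-entropy data. The base64 and hex encodings, both thresholds, and the sample key paths are assumptions, since the page does not state the encoding or the registry locations used.

```python
import base64, binascii, hashlib, math, re
from collections import Counter

MIN_LEN = 512        # assumed: ordinary string values are rarely this long
ENTROPY_FLAG = 7.0   # assumed: bits/byte above this suggests packed or encrypted data

def entropy(data: bytes) -> float:  # Shannon entropy, bits per byte
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def decodings(text: str):
    """Yield (encoding, bytes) for each assumed encoding the text parses as."""
    s = "".join(text.split())
    if re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", s):
        yield "hex", bytes.fromhex(s)
    if len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s):
        try:
            yield "base64", base64.b64decode(s, validate=True)
        except binascii.Error:
            pass

def triage(values):
    """values: (key_path, value_name, string_data) rows from a registry export."""
    findings = []
    for key, name, data in values:
        if len(data) < MIN_LEN:
            continue  # too short to hold a staged file
        for enc, raw in decodings(data):
            reasons = []
            if raw[:2] == b"MZ":
                reasons.append("PE header")
            if entropy(raw) > ENTROPY_FLAG:
                reasons.append("high entropy")
            if reasons:
                findings.append((key, name, enc, reasons))
    return findings

# Constructed sample rows (not real indicators): key paths and names are made up.
_pe = base64.b64encode(b"MZ" + bytes(600)).decode()
_blob = base64.b64encode(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))).decode()
SAMPLE = [
    (r"HKCU\Software\ExampleVendor", "Install", "C:\\Program Files\\Example;" * 40),
    (r"HKCU\Software\ExampleVendor", "Version", "1.0.3"),
    (r"HKCU\Software\ExampleA", "seg1", _pe),
    (r"HKCU\Software\ExampleB", "data", _blob),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```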

Open VSX Extension Delivers RAT and Stealer via GitHub Downloader
An Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft


