📰 LummaStealer Infections Surge, Distributed via CastleLoader and the ClickFix Technique
👉 Read the full article here: ahmandonk.com/2026/02/13/lummastealer-...
#castleloader #clickfix #infostealer #keamanan #siber #lummastealer #malware #phishing
Once-hobbled #LummaStealer is back with lures that are hard to resist
arstechnica.com/security/2026/02/once-ho...
#malware #Castleloader #Lumma #cybersecurity
Once-hobbled Lumma Stealer is back with lures that are hard to resist https://arstechni.ca #castleloader #infostealer #Security #clickfix #malware #Biz&IT #lumma
CastleLoader malware poses a significant threat to U.S. government agencies, employing stealthy techniques to infiltrate systems. Stay vigilant and implement robust security measures. #CyberSecurity #Malware #CastleLoader Link: thedailytechfeed.com/stealthy-cas...
📢⚠️ A new CastleLoader variant linked to at least 469 infections, hitting US government agencies and critical sectors across Europe.
Read: hackread.com/castleloader...
#CyberSecurity #Malware #CastleLoader #USGov #Europe
~Anyrun~
Stealthy multi-stage loader uses process hollowing to deliver info-stealers and RATs, targeting government and critical infrastructure.
-
IOCs: 94. 159. 113. 32
-
#CastleLoader #Malware #ThreatIntel
GrayBravo's CastleLoader ecosystem includes four clusters; TAG-160 impersonates logistics and abuses freight-matching platforms with ClickFix, TAG-161 impersonates Booking.com delivering CastleLoader and Matanbuchus. #GrayBravo #CastleLoader #ClickFix https://bit.ly/4p49yc0
CastleLoader malware, known for ClickFix-related attacks, has been upgraded with a stealthy Python loader that helps it slip past security defenses.
Read: hackread.com/castleloader...
#CyberSecurity #Malware #InfoSec #CastleLoader #ClickFix
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure reconbee.com/four-threat-...
#malware #malwareattack #GrayBravo #castleloader #cyberattack #cybersecurity
Full analysis:
www.technadu.com/graybravo-ex...
#GrayBravo #CastleLoader #CyberSecurity #ThreatIntel #Malware #MaaS #Phishing #ClickFix #InfoSec
GrayBravo is scaling CastleLoader malware through four activity clusters - impersonating Booking. com and DAT Freight, deploying ClickFix phishing, and delivering payloads via signed MSI installers and MaaS infrastructure.
#GrayBravo #CastleLoader #Malware #ThreatIntel #CyberSecurity #Phishing
2/ Our latest analysis uncovered four distinct activity clusters within GrayBravo’s ecosystem, all leveraging the group’s #CastleLoader malware. Each cluster uses different tactics, techniques, and targets, reinforcing the assessment that GrayBravo runs a #MaaS model.
Malware infection flows in CapLoader PCAP from https://tria.ge/251028-3g9yps1ncr/behavioral1
Here's the full infection chain:
* `198.211.110.107:79` finger connects to finger[.]cloudyape[.]com
* `172.67.190.68:80` curl tries `cloudyape[.]com/uvey.php?holt=2` but server responds with `301 Moved Permanently` and redirects to HTTPS
* `172.67.190 […]
[Original post on infosec.exchange]
TAG-150 evolves CastleLoader into CastleRAT with multi-tier C2: ClickFix, fraudulent GitHub repositories, and SectopRAT/WarmCookie payloads hit users and businesses.
#CastleLoader #CastleRAT #ClickFix #MaaS #sectoprat #TAG150 #WarmCookie
www.matricedigitale.it/2025/09/05/c...
Another great report from the team on TAG-150, a sophisticated and rapidly evolving threat actor. 🕵️ Our report documents #CastleRAT for the first time, a new Remote Access Trojan, alongside the previously observed #CastleLoader.
A significant amount of #CastleLoader C2 infrastructure identified by @julianferdinand.bsky.social was tied to #ThreatActivityEnabler 🇬🇧 FEMO IT SOLUTIONS #AS214351 utilising 🇩🇪 aurologic GmbH #AS30823 as their sole upstream provider. One to watch out for!
2/ TAG-150 is Insikt Group’s designation for the actor likely behind the malware families #CastleLoader, #CastleBot, and most recently #CastleRAT, a RAT documented here for the first time.
CastleLoader infects 469 devices and an infostealer compromises Chemia on Steam: attacks via GitHub and the supply chain are escalating globally.
#CastleLoader #FickleStealer #INFOSTEALER #SharePoint #sonicwall #Steam #vulnerabilità
www.matricedigitale.it/2025/07/26/c...
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing reconbee.com/castleloader...
#castleloadermalware #castleloader #malwareattack #malware #GitHubRepos #clickfix #phishing #cyberattack