Threat actor DeathStalker is actively targeting cryptocurrency exchanges located around the world with the VileRAT malware, according to Kaspersky researchers. The researchers published an advisory just days ago in which the campaign is detailed. The campaign reportedly began in September 2020 but revamped its efforts in June 2022, leveraging the VileRAT toolchain. Since the campaign was first identified by Kaspersky, the threat actor has continuously picked similar targets.
Kaspersky believes that despite the public indicators of compromise, the DeathStalker campaign is likely increasing its efforts to compromise new targets with its recent use of VileRAT. More samples of malicious files associated with the RAT and new infrastructure have been detected since March of 2022. Kaspersky believes that this is likely a symptom of increased compromise attempts.
Read More: DeathStalker’s VileRAT Continues to Target Foreign and Crypto Exchanges