Phantom Stealer is a two-layer Windows infostealer attack chain that uses a malicious pdh.dll loader, process hollowing into jsc.exe, aggressive anti-analysis checks, browser and wallet theft, and a cryptocurrency clipper to steal credentials, financial data, and crypto-related assets while maintaining stealth and persistence.
Key Takeaways
Introduction
A threat actor recently deployed Phantom Stealer, a carefully […]

Executive Overview
Salat Stealer is a sophisticated Go-based Remote Access Trojan (RAT) with deep information-stealing capabilities. Rather than acting as a simple stealer, it functions as a full post-exploitation framework with features that include WebSocket/QUIC command-and-control (C2), remote shell access, desktop and webcam streaming, browser and crypto-wallet theft, keylogging, clipboard theft, and SOCKS5 pivoting. The […]

Introduction
Attribution in cyber threat intelligence has long been built around the concept of persistent adversary groups commonly labeled as Advanced Persistent Threats (APTs). These designations, widely used by organizations such as MITRE and leading threat intelligence vendors, attempt to cluster malicious activity under unified identities based on observed behaviors, infrastructure, and tooling. However, this […]
Discover the latest articles and insights on Dark Atlas