Threat Research

    PhantomVAI Loader is a stealthy, multi-stage loader propagated via phishing that uses obfuscated scripts and steganography to hide payloads. Originally called Katz Stealer Loader for delivering Katz Stealer, it has evolved to deliver multiple infostealers (including Katz, AsyncRAT, XWorm, FormBook and DCRat) and is offered as malware-as-a-service....
    A recent phishing campaign is targeting companies through emails containing malicious URLs that lead to spoofed websites tailored to the recipient’s email domain. These convincing sites trick users into downloading JavaScript files that act as droppers for UpCrypter malware....
    A recent investigation uncovered a new email-based attack distributing a Remote Access Trojan known as DCRAT. The attacker is posing as a Colombian government entity to target organizations within Colombia. To evade detection, the threat actor employs several techniques, including password-protected archives, obfuscation, steganography, base64 encoding, and multiple file drops....