05 October 18, 17:23
Quote:Blueliv Labs team detected a new data stealer malware named ZeroEvil developed by the same developer who created the remote access Trojan (RAT) ARS Loader and used in a malware campaign by the AirNaine actor (known as TA545 by Proofpoint).
The ARS Loader RAT evolved since 2017, with its developer continuously expanding its capabilities, adding PowerShell download and execution, screenshot exfiltration, monitoring, persistence on the infected system, and Edge passwords theft.
The new strain observed by the Blueliv Labs team was first detected in mid-September when malware samples with the same activity patterns as ARS Loader but with enough differences in the malicious code to deserve some extra attention.
Source: https://news.softpedia.com/news/airnaine...3078.shtml
![[-]](https://www.geeks.fyi/images/collapse.png)
