Saturday, 9 August, 2025
CastleBot MaaS Emerges as Modular Malware Platform Distributing Ransomware-Linked Payloads

CastleBot, a sophisticated Malware-as-a-Service (MaaS) framework first detected in early 2025, has surged in activity since May. It infects systems via SEO-poisoned fake installers, phishing GitHub repositories, and ClickFix methods. Its modular design spans a three-stage infection chain (stager, loader, and core backdoor), which lets operators deploy payloads dynamically, including infostealers and ransomware-related backdoors such as NetSupport and WarmCookie. This modularity lets attackers target victims and run their operations precisely.
Read full story at Cybersecurity News