Threat Intelligence, Malware

AllaKore RAT, SystemBC deployed in Mexico-targeted intrusions


Attacks with the AllaKore RAT and SystemBC payloads have been launched by the Greedy Sponge hacking operation against organizations across Mexico since 2021, The Hacker News reports.

Despite relying mostly on phishing emails and drive-by downloads to facilitate compromise over the past four years, Greedy Sponge's most recent intrusions involved the deployment of ZIP files with a Chrome proxy executable and a weaponized MSI file to inject an updated version of the AllaKore RAT malware, which not only loads the SystemBC payload but also distributes a PowerShell script to conceal illicit activity, according to findings from Arctic Wolf Labs researchers. Greedy Sponge has also gained additional stealth through more robust geofencing efforts since mid-2024.

"The strictly financial motivation of this actor coupled with their limited geographic targeting is highly distinctive. Additionally, their operational longevity points to probable operational success meaning they've found something that works for them, and they are sticking with it," said Arctic Wolf researchers, who noted the group's persistence but not their sophistication.

Such findings come after the new Ghost Crypt crypter was reported by eSentire to have been used to spread the PureRAT malware as part of a May phishing campaign.
