Date: 2025-07-23

Attacks with the AllaKore RAT and SystemBC payloads have been launched by the Greedy Sponge hacking operation against organizations across Mexico since 2021, The Hacker News reports. Despite mostly using phishing emails and drive-by downloads to facilitate compromise over the past four years, Greedy Sponge's most recent intrusions involved the deployment of ZIP files with a Chrome proxy executable and a weaponized MSI file to inject an updated version of the AllaKore RAT malware, which not only loads the SystemBC payload but also distributes a PowerShell script to conceal illicit activity, according to findings from Arctic Wolf Labs researchers. Additional stealth has been enabled by Greedy Sponge through more robust geofencing efforts since mid-2024. "The strictly financial motivation of this actor coupled with their limited geographic targeting is highly distinctive. Additionally, their operational longevity points to probable operational success meaning they've found something that works for them, and they are sticking with it," said Arctic Wolf researchers, who noted the group's persistence but not their sophistication. Such findings come after the new Ghost Crypt crypter was reported by eSentire to have been used to spread the PureRAT malware as part of a May phishing campaign.
Threat Intelligence, Malware
AllaKore RAT, SystemBC deployed in Mexico-targeted intrusions