Per The Hacker News, the China-linked cybercrime group Silver Fox has been attributed to a new Rust-based remote access trojan (RAT) named MODBEACON, which is being used to target technology, education, and state-owned enterprises.QiAnXin, a Chinese cybersecurity company, reported that while the group's operations may appear unsophisticated due to the use of SEO poisoning and counterfeit software installers, their organizational structure is more complex, involving multiple distributors. These distributors operate across Asia, employing fake software installers and leveraging variants of Gh0st RAT and WinOS (ValleyRAT) trojans. One observed campaign in mid-June 2026 involved a distributor delivering MODBEACON, which utilizes Amazon and Cloudflare's CDN for its command-and-control infrastructure. The distributor is described as a hybrid threat actor, acting as both a "cybercriminal arms dealer" and "traffic broker."MODBEACON is a memory-resident implant capable of fetching additional modules, executing commands, and maintaining encrypted communications. It features a modular design, an injectable configuration, and uses a plugin-based architecture. The attack chain employs social engineering and counterfeit domains to trick users into downloading malicious ZIP archives. MODBEACON's capabilities include host fingerprinting, plugin loading, sending heartbeat messages, reporting command execution results, and establishing persistence through scheduled tasks. This new development indicates Silver Fox is actively refining its tradecraft, expanding its arsenal with malware families like Atlas RAT, ABCDoor, RomulusLoader, and SilentRunLoader.Source: The Hacker News
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds




