Windows environments are at risk of significant compromise with the new, advanced CrySome remote access trojan, which integrates antivirus-killing and hidden virtual desktop control capabilities with post-exploitation tooling, GBHackers News reports.Attacks with CrySome commence with the delivery of an executable using Costura.Fody for dependency embedding, which triggers a bootstrap phase that creates the command-and-control channel and ensures persistence before prompting a continuous network loop for packet processing and the eventual injection of the RAT, according to CYFIRMA researchers. Apart from featuring PowerShell command execution and file uploading, downloading, and removal features, CrySome RAT also conducts process enumeration and comprehensive system profiling, while allowing HVNC sessions, keylogging, Chromium-based credential and cookie exfiltration, and webcam compromise.Further examination of CrySome RAT revealed a multi-layered persistence design composed of registry startup entries, scheduled tasks, and recovery partition exploitation. Researchers also observed CrySome RAT to include an AVKiller module that deactivated Microsoft Defender, Avast, CrowdStrike, SentinelOne, ESET, and Kaspersky tools.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds



