An investigation by the Cyble Research and Intelligence Lab (CRIL) has uncovered a sophisticated cyberattack aimed at Malaysian political figures and government officials. Initiated in July 2024, the attack utilizes fake ISO files to deploy Babylon RAT, a dangerous malware that allows cybercriminals to gain full control of infected devices and steal sensitive information.
The ISO files look harmless but actually contain dangerous elements like a shortcut, a hidden PowerShell script, a harmful program, and a fake PDF. When someone opens the file, it quietly installs Babylon RAT on their computer.
The Cyble Vision platform has linked this attack to previous malware campaigns involving Quasar RAT, suggesting a consistent strategy targeting high-profile individuals in Malaysia.
The fake documents used in the attack often focus on political and governmental topics, including those related to the Majlis Amanah Rakyat (MARA), adding a layer of credibility to the malicious files.
When a victim opens the ISO file, a hidden PowerShell script runs in the background, launching a decoy PDF while installing the malicious executable. This ensures that Babylon RAT is installed and can operate on the victim’s device. The malware enables the hacker to monitor keystrokes, steal passwords, track clipboard activity, and execute remote commands.
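A defender can triage a mounted disk image for the file combination described above (shortcut, hidden PowerShell script, executable, decoy PDF). The following is an added example, not code from CRIL or the original article; the function names, the extension-to-role mapping and the sample file names are assumptions made for illustration.

```python
import os
from pathlib import PurePath

# Roles taken from the article's description of the ISO contents.
ROLE_BY_EXT = {".lnk": "shortcut", ".ps1": "script", ".exe": "executable", ".pdf": "decoy"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows hidden-file attribute bit


def triage_entries(entries):
    """Classify (filename, is_hidden) pairs from one disk image.

    Returns (verdict, roles) where verdict is 'match', 'partial' or 'none'.
    """
    roles = {}
    for name, hidden in entries:
        role = ROLE_BY_EXT.get(PurePath(name).suffix.lower())
        if role:
            roles.setdefault(role, []).append((name, hidden))
    hidden_script = any(h for _, h in roles.get("script", []))
    # Full pattern: all four roles present and the script is hidden.
    if set(roles) == set(ROLE_BY_EXT.values()) and hidden_script:
        return "match", roles
    # A shortcut shipped beside a script or program is still worth a look.
    if "shortcut" in roles and ({"script", "executable"} & set(roles)):
        return "partial", roles
    return "none", roles


def list_mounted(root):
    """Yield (filename, is_hidden) for every file under a mounted image."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            st = os.stat(os.path.join(dirpath, name))
            attrs = getattr(st, "st_file_attributes", 0)  # Windows only
            yield name, bool(attrs & FILE_ATTRIBUTE_HIDDEN)


# Constructed sample listings (file names are invented for illustration).
SAMPLE_LURE = [
    ("Meeting_Notice.lnk", False),
    ("update.ps1", True),
    ("helper.exe", True),
    ("Meeting_Notice.pdf", True),
]
SAMPLE_BENIGN = [("setup.exe", False), ("readme.pdf", False)]

if __name__ == "__main__":
    print(triage_entries(SAMPLE_LURE)[0])
    print(triage_entries(SAMPLE_BENIGN)[0])
```

On a Windows analysis host, pass `list_mounted("E:\\")` (the drive letter is an assumption) to `triage_entries` after mounting the image read-only.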
Babyl
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents