Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Summary
Cybersecurity researchers have identified a multi-stage malware campaign named VOID#GEIST. The campaign uses obfuscated batch scripts to deliver encrypted remote access trojan (RAT) payloads, specifically XWorm, AsyncRAT, and Xeno RAT.
IFF Assessment
FOE
The discovery of a new multi-stage malware campaign delivering multiple RATs indicates an increased threat to organizations and individuals, requiring enhanced defensive measures.
Defender Context
Defenders should be aware of the VOID#GEIST campaign and its delivery method: obfuscated batch scripts that deliver encrypted RAT payloads. Monitoring for suspicious batch script execution and for network traffic associated with known RATs is crucial for early detection and response.