Sophisticated RAT Hides Behind P. Diddy Scandal Lures

Published: 23/11/2024   Category: security




The advanced Python-based PySilon malware can steal data, record keystrokes, and execute remote commands. The attackers behind it are promising to leak details of deleted X posts related to accused rapper and music producer Sean Combs.



Threat actors are using the public's interest in the current scandal surrounding celebrity rapper Sean "Diddy" Combs to spread spyware, via files that promise to reveal details of deleted posts related to Combs from the X social media platform.
Researchers have uncovered a version of the open source PySilon remote access Trojan (RAT), distributed under the name PdiddySploit, hiding in files posted online and then submitted to VirusTotal, according to analysis from Veriti Research published Sept. 24.
PySilon RAT is advanced Python-based malware that can steal sensitive information, record keystrokes, capture screen activity, and execute remote commands, posing serious threats to personal and organizational security, according to the post by Veriti.
Combs (aka P. Diddy), a rapper, record producer, and entrepreneur who has been in the public eye since the 1990s, is facing multiple charges of sexual assault and misconduct in New York, which has thrust him into the recent media spotlight. One area of acute public interest is a set of controversial, since-deleted X posts about Combs and alleged illicit activity, written by fellow celebrities and musicians such as Usher and Pink, as well as by Combs himself, according to Veriti.
One of the most concerning aspects of this trend is the use of files related to Combs' social media activity, particularly from X.com, according to the post.
Specifically, the researchers uncovered files containing posts and replies from Combs' now-deleted account on VirusTotal, where they had been uploaded by a user named @lamps_apple. These files are part of an automated process of collecting posts and replies, but they pose a high risk because they can easily be weaponized with malicious payloads, according to Veriti.
The activity demonstrates how quickly attackers take advantage of current events or media stories of public interest to spread malware by weaponizing content related to them. One clear example was the COVID-19 pandemic, when multiple phishing and other malicious campaigns leveraged public interest in the virus and other health-related topics to spread malware.
Given the intense media coverage surrounding P. Diddy and other public figures, attackers are using these files to lure curious users into downloading them, only to be infected with malware, according to Veriti. The fact that P. Diddy and others have deleted their social media content adds an additional layer of intrigue, tempting users to open these files to see what was deleted.
PySilon RAT, discovered in 2022, also has seen a surge in recent use by multiple threat actors, with more than 300 samples reported on VirusTotal since June 2023, according to Cyble Research and Intelligence Labs (CRIL). Attackers use the malware to infiltrate systems, steal information, and even control devices remotely, according to Veriti.
PySilon RAT is currently at version 3.6 and has been detected in numerous samples that imitate software, tools, and cracks, which likely originate from phishing websites, free software-download websites, and the like, according to Cyble.
Given the discovery of the RAT lurking behind the cover of PdiddySploit, it's likely that as the related scandal continues to attract attention, even more attackers will leverage this malware to exploit public interest, according to Veriti.
"It's perfectly natural for people to take an interest in trending topics and celebrity scandals," the researchers noted. "However, that doesn't mean people should throw caution to the wind when interacting with any related files or content online."
Curiosity can be dangerous, Veriti researchers warned, especially as attackers are well-versed in social engineering and are always looking for ways to exploit human nature.
To avoid falling prey to attackers aiming to capitalize on this and other news of public interest, Veriti advised that people avoid downloading suspicious files, especially ones claiming to contain deleted posts or exclusive content related to a celebrity scandal. They should always verify the source of any file before downloading it from the Internet, the researchers noted.
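The advice above can be made concrete. The script below is an added example, not code from Veriti or from the PySilon project, and assumes the lure arrives as a single file or ZIP whose name promises text content (deleted posts, replies, "exclusive" leaks). It checks what a user or a mail gateway can verify cheaply before the file is opened: the file name (executable or double extensions, right-to-left override tricks) and the leading bytes (an executable or archive signature under a name that promises text, or executables inside a "posts" archive). All sample inputs are constructed for the example.

```python
"""Triage a download that claims to hold deleted X posts before opening it.

Added example, not code from Veriti or the PySilon project. The file names,
extension lists and sample bytes below are assumptions constructed for the
example; adapt the extension sets to the platforms you care about.
"""
import io
import json
import zipfile
from dataclasses import dataclass, field

# Extensions that run code when double-clicked on Windows; .py/.pyw/.pyz
# matter here because PySilon is Python-based.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs", ".js",
    ".jse", ".wsf", ".hta", ".msi", ".lnk", ".jar", ".py", ".pyw", ".pyz",
}
# (magic bytes, label, extensions under which that content is expected)
MAGIC = [
    (b"MZ", "PE executable", {".exe", ".dll", ".scr", ".com", ".pif"}),
    (b"\x7fELF", "ELF executable", {".elf", ".so", ""}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".jar", ".pyz", ".docx", ".xlsx"}),
    (b"Rar!\x1a\x07", "RAR archive", {".rar"}),
    (b"7z\xbc\xaf\x27\x1c", "7-Zip archive", {".7z"}),
]
RTL_OVERRIDE = "\u202e"  # makes "posts\u202eexe.txt" render as "posts txt.exe"


@dataclass
class Verdict:
    suspicious: bool
    reasons: list = field(default_factory=list)


def extensions(name: str) -> list:
    """['.txt', '.exe'] for 'deleted_posts.txt.exe'."""
    base = name.lower().replace("\\", "/").rsplit("/", 1)[-1]
    return ["." + p for p in base.split(".")[1:]]


def check_name(name: str) -> list:
    """Flag executable extensions, double extensions and RTL-override tricks."""
    reasons = []
    exts = extensions(name)
    if RTL_OVERRIDE in name:
        reasons.append("right-to-left override in file name")
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        kind = "double extension" if len(exts) > 1 else "executable extension"
        reasons.append(f"{kind}: {''.join(exts)}")
    return reasons


def check_content(name: str, data: bytes) -> list:
    """Flag a binary signature that does not match what the name promises."""
    ext = (extensions(name) or [""])[-1]
    for magic, label, expected in MAGIC:
        if data.startswith(magic):
            if ext in expected:
                return []
            return [f"content is a {label} but name ends in '{ext or '(none)'}'"]
    # No known binary signature: a dump of posts should at least be text.
    if b"\x00" in data[:4096]:
        return ["NUL bytes in a file that claims to be text"]
    return []


def check_archive(data: bytes) -> list:
    """A 'posts.zip' whose members are executables is the classic lure."""
    if not data.startswith(b"PK\x03\x04"):
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["malformed ZIP"]
    return [f"archive member {m}: {r}" for m in names for r in check_name(m)]


def triage(name: str, data: bytes) -> Verdict:
    reasons = check_name(name) + check_content(name, data) + check_archive(data)
    return Verdict(bool(reasons), reasons)


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {member_name: bytes} to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed samples: one plausible benign export and three lure shapes.
SAMPLES = {
    "combs_deleted_posts.json": json.dumps(
        [{"id": 1, "text": "example post", "deleted": True}]).encode(),
    "deleted_posts.txt.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "deleted_posts.txt": b"MZ\x90\x00" + b"\x00" * 60,
    "PdiddySploit_posts.zip": build_zip({"posts.txt.scr": b"MZ\x90\x00"}),
}

if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES.items():
        v = triage(sample_name, sample_data)
        print(f"{sample_name}: {'SUSPICIOUS' if v.suspicious else 'ok'} {v.reasons}")
```

The checks are deliberately cheap and signature-free: they do not identify PySilon, they only establish that a file claiming to be a text dump is not one, which is the decision a user has to make before opening it. A real gateway would add hash lookups against a reputation service and detonation, but those need network access and are outside this example.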
People also should be wary of email attachments, because phishing emails remain a primary way that attackers spread malware. If you receive an email with attachments related to the P. Diddy scandal, think twice before opening it, according to Veriti. Using up-to-date antivirus software and other protections that secure email accounts also can remove malware or malicious files before they even reach someone's inbox.
