Amnesia RAT deployed in multi-stage phishing attacks against Russian users
A multi-stage phishing campaign targets users in Russia with ransomware and Amnesia RAT using fake business documents as lures.

FortiGuard Labs researchers uncovered a multi-stage malware campaign mainly targeting users in Russia. The attack uses fake business documents as social engineering lures to distract victims while malware runs in the background. It escalates to full system compromise, deploying Amnesia RAT and ransomware, disabling Microsoft Defender via the Defendnot tool, and abusing GitHub and Dropbox to host payloads and evade detection.
“The threat actors further increase resilience by separating payload hosting across multiple public cloud services. GitHub is primarily used to distribute scripts, while Dropbox hosts binary payloads,” reads the report published by FortiGuard Labs. “This modular hosting approach allows attackers to update or rotate components independently, complicates takedown efforts, and helps malicious traffic blend into legitimate enterprise network activity.”
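Because each service on its own looks like normal enterprise traffic, the split-hosting pattern is easier to spot as a sequence: a script interpreter reaching a script-hosting service and then a file-hosting service shortly afterwards from the same endpoint. The following correlation is an added example, not code from the FortiGuard Labs report; the hostnames, process names, log layout and 10-minute window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Assumptions for illustration (none of these values come from the report).
SCRIPT_HOSTS = {"raw.githubusercontent.com", "github.com"}
BINARY_HOSTS = {"dl.dropboxusercontent.com", "www.dropbox.com"}
SCRIPT_INTERPRETERS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
WINDOW = timedelta(minutes=10)

# Constructed sample events: timestamp, endpoint, process, destination host.
SAMPLE_LOG = """\
2026-01-20T09:00:05 WS-014 chrome.exe github.com
2026-01-20T09:01:10 WS-022 powershell.exe raw.githubusercontent.com
2026-01-20T09:03:42 WS-022 powershell.exe dl.dropboxusercontent.com
2026-01-20T09:05:00 WS-014 Dropbox.exe www.dropbox.com
2026-01-20T09:30:00 WS-031 wscript.exe raw.githubusercontent.com
2026-01-20T11:45:00 WS-031 wscript.exe dl.dropboxusercontent.com
"""

def parse(log):
    """Yield (time, endpoint, process, destination) for well-formed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or empty lines
        ts, endpoint, proc, dest = parts
        yield datetime.fromisoformat(ts), endpoint, proc.lower(), dest.lower()

def find_staged_downloads(log, window=WINDOW):
    """Return (endpoint, script_time, binary_time) tuples where a script
    interpreter contacted a script host and then a binary host within window."""
    last_script_fetch = {}
    hits = []
    for ts, endpoint, proc, dest in sorted(parse(log)):
        if proc not in SCRIPT_INTERPRETERS:
            continue  # browsers and sync clients are expected to use these services
        if dest in SCRIPT_HOSTS:
            last_script_fetch[endpoint] = ts
        elif dest in BINARY_HOSTS and endpoint in last_script_fetch:
            first = last_script_fetch[endpoint]
            if ts - first <= window:
                hits.append((endpoint, first, ts))
    return hits

if __name__ == "__main__":
    for endpoint, t1, t2 in find_staged_downloads(SAMPLE_LOG):
        print(f"{endpoint}: script fetch {t1}, binary fetch {t2}")
```

Filtering on the initiating process is what keeps browser and sync-client traffic to the same services out of the results.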
