Operation DualScript: Multi-Stage PowerShell Malware Targets Crypto

Operation DualScript is a sophisticated multi-stage malware campaign targeting cryptocurrency and financial activities. It utilizes Windows Scheduled Tasks, VBScript launchers, and PowerShell execution to maintain persistence while minimizing disk artifacts. The attack operates through two parallel chains: a web-based PowerShell loader deploying a cryptocurrency clipboard hijacker, and a secondary chain executing the RetroRAT implant in memory. RetroRAT monitors user activity, captures keystrokes, and tracks interactions with financial services to harvest sensitive information. The malware employs various anti-analysis techniques and establishes a command-and-control channel for remote access and data exfiltration. This campaign highlights the growing abuse of trusted system utilities and in-memory execution techniques to evade traditional detection mechanisms.

Pulse ID: 69cb7349f3c70800ebef7310
Pulse Link: https://otx.alienvault.com/pulse/69cb7349f3c70800ebef7310
Pulse Author: AlienVault
Created: 2026-03-31 07:10:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Clipboard #CyberSecurity #InfoSec #Malware #Nim #OTX #OpenThreatExchange #PowerShell #RAT #Rust #SMS #VBS #Windows #bot #cryptocurrency #AlienVault

Inside Keitaro Abuse Part 2: One Platform, Many Threats

This analysis examines how threat actors abuse Keitaro, an advertising performance tracker, for various malicious purposes. The report covers a wide range of threats, including malware delivery, phishing, scams, and illegal content distribution. Key findings include the use of Keitaro for cloaking and traffic distribution in malvertising campaigns, spam operations leveraging Keitaro for cryptocurrency wallet draining, and the abuse of Keitaro in investment scams. The report also highlights specific threat actors and their tactics, such as domain hijacking for adult content delivery and the use of fake arrests as clickbait for investment scams. Overall, the analysis demonstrates how Keitaro's features make it attractive to cybercriminals seeking to maximize their reach with minimal effort.

Pulse ID: 69c643d531ed0d8ae740f7dc
Pulse Link: https://otx.alienvault.com/pulse/69c643d531ed0d8ae740f7dc
Pulse Author: AlienVault
Created: 2026-03-27 08:46:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #Malvertising #Malware #Nim #OTX #OpenThreatExchange #Phishing #RAT #Spam #bot #cryptocurrency #AlienVault

13-Mar-2026
#AI’s #gamePlaying still has flaws: #AlphaZero-style self-play tested on #Nim
Despite heavy training, agents show blind spots and can miss optimal moves

https://www.eurekalert.org/news-releases/1119906

#science #technology