CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

Cybersecurity researchers have identified CastleLoader as a versatile malware loader used in campaigns that deploy a range of information stealers and remote access trojans (RATs) through social engineering and technical evasion techniques. Its modular, stealthy design lets threat actors distribute and manage malware efficiently, which complicates detection and response.

Key points

  • CastleLoader employs dead-code injection and packing to hinder analysis.
  • Threat actors use phishing, fake GitHub repositories, and fake domains to distribute the malware.
  • The loader connects to C2 servers to download and execute additional malware modules.
  • Campaigns have recorded over 1,634 infection attempts and compromised nearly 470 devices since May 2025.
  • CastleLoader’s configuration indicates it operates within malware-as-a-service ecosystems with advanced anti-analysis features.

Read More: https://thehackernews.com/2025/07/castleloader-malware-infects-469.html