The Interlock ransomware group has introduced a new PHP variant of its remote access trojan (RAT) as part of a widespread cyber campaign. This evolution demonstrates enhanced operational sophistication, including the use of Cloudflare Tunnels and fallback IP addresses. #InterlockRAT #NodeSnake
Key points
- The Interlock group has launched a PHP variant of their custom RAT in ongoing attacks.
- The campaign uses compromised websites and FileFix, an evolved form of ClickFix, to infect targets.
- The malware performs system reconnaissance, exfiltrates data, and establishes persistence through the Windows Registry.
- Cloudflare Tunnels and hardcoded IP addresses are used to hide command-and-control servers.
- The new PHP variant expands the group’s toolset, enabling broader and more sophisticated network infiltration.
Read More: https://thehackernews.com/2025/07/new-php-based-interlock-rat-variant.html