Cybersecurity experts have uncovered a sophisticated malvertising campaign distributing PS1Bot, a multi-stage malware that uses in-memory techniques for stealth and delivers modular payloads. The campaign has been active since early 2025, overlaps with previous ransomware operations like Skitnet, and uses advanced techniques to evade detection.
Key points
- PS1Bot is a modular, stealthy malware framework that performs various malicious activities on infected systems.
- The malware is delivered via malvertising and search engine poisoning, starting from a ZIP archive with a JavaScript payload.
- Modules can include antivirus detection, screen capture, wallet stealing, keylogging, and information harvesting.
- PS1Bot communicates with C2 servers to fetch commands and can establish persistent access on infected hosts.
- The campaign overlaps with previous ransomware patterns and leverages in-memory execution to avoid forensic detection.
Read More: https://thehackernews.com/2025/08/new-ps1bot-malware-campaign-uses.html