Patchwork, a South Asia-linked cyberespionage group, has launched a new campaign that delivers StreamSpy, a stealthy Trojan built for targeted espionage. The malware carries its command and control over WebSocket and moves files over HTTP, so its traffic blends in with ordinary web activity, and it uses several persistence techniques to survive on infected systems. #Patchwork #StreamSpy
Key points
- StreamSpy is a sophisticated Trojan used by the Patchwork APT group for cyberespionage campaigns.
- The lure is a ZIP archive containing an executable that carries a PDF icon, so the victim believes they are opening a document.
- It uses WebSocket for command and control and plain HTTP for file transfers, traffic that looks like normal web browsing and is easy to overlook.
- StreamSpy collects extensive device data and supports commands for information gathering, file operations, and terminal access.
- The malware employs multiple persistence techniques, and the campaign shows links to the Donot group and to the Spyder downloader.
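The ZIP-with-PDF-icon lure described above is the kind of delivery trick a mail-gateway or sandbox triage script can catch before a user double-clicks it. The following is an added example, not code from the original write-up or from the StreamSpy sample: it scans an archive for executables dressed as documents by checking for double extensions, a right-to-left-override character in the member name, and the PE magic bytes against the claimed extension. The archive it builds is a constructed stand-in, not the real lure, and the extension lists are assumptions chosen for illustration.

```python
from __future__ import annotations

import io
import zipfile

# Magic bytes for the two formats the lure plays on: a real PDF versus a Windows PE.
PE_MAGIC = b"MZ"
PDF_MAGIC = b"%PDF"

# Assumed lists. Explorer hides known extensions by default, so "Report.pdf.exe"
# is displayed as "Report.pdf".
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl", ".dll"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
RLO = "\u202e"  # Unicode right-to-left override: reverses the visible tail of a filename


def suspicious_reasons(name: str, head: bytes) -> list[str]:
    """Explain why one archive member looks like an executable posing as a document.

    name: the member's path inside the ZIP; head: its first few bytes.
    Returns an empty list for members whose name and content are consistent.
    """
    reasons: list[str] = []
    base = name.rsplit("/", 1)[-1]
    exts = ["." + p.lower() for p in base.split(".")[1:]]

    if RLO in base:
        reasons.append("rlo-in-filename")
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
        reasons.append("double-extension")
    if head.startswith(PE_MAGIC):
        if exts and exts[-1] in DOCUMENT_EXTS:
            reasons.append("pe-with-document-extension")
        else:
            reasons.append("pe-executable")
    elif exts and exts[-1] == ".pdf" and not head.startswith(PDF_MAGIC):
        reasons.append("pdf-extension-without-pdf-magic")
    return reasons


def scan_zip(data: bytes) -> dict[str, list[str]]:
    """Scan an in-memory ZIP and return {member_name: reasons} for flagged members only."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # enough for both magic checks
            reasons = suspicious_reasons(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive (not the real StreamSpy lure): a fake PE with a
    PDF-looking double extension, an RLO-renamed fake PE, and a genuine-looking PDF."""
    fake_pe = PE_MAGIC + b"\x90\x00" + b"\x00" * 60  # DOS-header stand-in, not a runnable binary
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2024.pdf.exe", fake_pe)
        zf.writestr("Summary" + RLO + "fdp.exe", fake_pe)
        zf.writestr("Notes.pdf", PDF_MAGIC + b"-1.7\n%%EOF\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(f"{member!r}: {', '.join(reasons)}")
```

The icon mimicry itself lives in the PE's resource section and is not inspected here; the name and magic-byte checks catch the delivery tricks that usually accompany it, and any PE at all inside an archive that is supposed to hold a document is worth a second look.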