Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS

COLDRIVER, a Russian state-sponsored threat group, quickly shifted away from its LOSTKEYS malware once it was exposed and developed more advanced and stealthy tools such as MAYBEROBOT. Its evolving tradecraft relies on multi-stage delivery chains and obfuscation to target high-profile individuals and evade detection. #COLDRIVER #LOSTKEYS #MAYBEROBOT #NOROBOT #CYBERESPIONAGE

Key points

  • COLDRIVER, a Russian threat group, rapidly abandoned LOSTKEYS after its exposure and developed new malware strains.
  • The campaign primarily involves NOROBOT, a malicious DLL disguised as a CAPTCHA prompt, enabling stealthy infection.
  • YESROBOT was an early backdoor that was quickly replaced by a more advanced PowerShell-based malware, MAYBEROBOT.
  • MAYBEROBOT is designed for flexibility, capable of downloading and executing code, running commands, and maintaining persistence.
  • Throughout 2025, COLDRIVER continuously improved its malware infrastructure to evade detection and enhance operational control.

Read More: https://thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/