Podcast Detail

SANS Stormcast Tuesday, May 20th 2025: AutoIT Code RAT; Fake Keepass Download; Procolored Printer Software Compromise

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9458.mp3

previous
Podcast Logo
AutoIT Code RAT; Fake Keepass Download; Procolored Printer Software Compromise
00:00

RAT Dropped By Two Layers of AutoIT Code
Xavier explains how AutoIT was used to install a remote admin tool (RAT) and how to analyse such a tool
https://isc.sans.edu/diary/RAT%20Dropped%20By%20Two%20Layers%20of%20AutoIT%20Code/31960

RVTools compromise confirmed
Robware.net, the site behind the popular tool RVTools now confirmed that it was compromised. The site is currently offline.
https://www.robware.net/readMore

Trojaned Version of Keepass used to install info stealer and Cobalt Strike beacon
A backdoored version of KeePass was used to trick victims into installing Cobalt Strike and other malware. In this case, Keepass itself was not compromised and the malicious version was advertised via search engine optimization tricks
https://labs.withsecure.com/publications/keepass-trojanised-in-advanced-malware-campaign

Procolored UV Printer Software Compromised
The official software offered by the makers of the Procolored UV printer has been compromised, and versions with malware were distributed for about half a year.
https://www.hackster.io/news/the-maker-s-toolbox-procolored-v11-pro-dto-uv-printer-review-680d491e17e3
https://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads

no transcript found