SHADOW#REACTOR is a malware campaign using VBS, PowerShell, and MSBuild to stealthily deploy Remcos RAT with persistent remote access.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

A new malware campaign called SHADOW#REACTOR uses a sophisticated multi-stage attack chain to deploy Remcos RAT on Windows systems. The attack begins with an obfuscated VBS script that launches PowerShell to download fragmented text-based payloads from a remote server. These fragments are reconstructed in memory using a .NET Reactor-protected assembly, then executed via MSBuild.exe as a living-off-the-land binary. The campaign targets enterprise and SMB environments, employs self-healing mechanisms to ensure payload delivery, and uses multiple evasion techniques including anti-debugging checks, anti-VM detection, and text-only intermediates to avoid detection by antivirus and sandboxes.

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack