PLAYFULGHOST backdoor supports multiple information stealing features
Security Affairs
JANUARY 5, 2025
“Mandiant observed a second, more sophisticated execution scenario which begins with a Windows LNK file named QQLaunch.lnk. ThisLNK file combines a text file named h which contains the characters “MZ” and a second file t which contains the rest of PE payload to construct a new malicious DLL named libcurl.dll.”
Let's personalize your content