Basicstar is malicious software designed to exploit and damage computer systems, often infiltrating without the user's knowledge through suspicious downloads, emails, or websites. It can steal personal information, disrupt operations, or hold data hostage for ransom. There are different versions of this malware: a macOS version named NokNok, and another variant that uses a RAR archive and an LNK exploit leading to a backdoor named Basicstar.
Between September and October of the previous year, the Basicstar backdoor was used in attacks orchestrated by an Iranian advanced persistent threat operation known as Charming Kitten, which also goes by several other aliases, including Charming Cypress, Mint Sandstorm, APT35, TA453, and Yellow Garuda. These attacks specifically targeted Middle East policy experts. Information about the attacks came to light in February 2024, as reported by SC Magazine and The Hacker News.
Charming Kitten employed a sophisticated phishing scheme to facilitate the download of the Basicstar malware. The attackers impersonated the Rasanah International Institute for Iranian Studies, luring targets into joining a fake webinar. Once the victims were ensnared, the Basicstar malware was downloaded onto their systems, enabling data exfiltration and remote command execution. This strategy and its impacts were detailed in a report by Volexity.
Description last updated: 2024-05-05T03:32:00.500Z