Seroxen

Malware Profile Updated 3 months ago
SeroXen is a Remote Access Trojan (RAT) that has been found in malicious NuGet packages, infecting developer systems. It was first identified by the DevSecOps company Phylum and is delivered through typosquatted NuGet packages. SeroXen has also been observed targeting gamers, as reported by HackRead, so its attack surface covers both developers and end users.

The malware uses the BatCloak engine as its main loading mechanism, as described in a three-part series on BatCloak and SeroXen. The third part of that series covers the distribution mechanism of SeroXen and BatCloak and the security implications of Fully Undetectable (FUD) batch obfuscation. This FUD capability, built from layered obfuscation patterns, has evolved over several generations: predecessors such as Jlaive, BatCloak, CryBat, Exe2Bat, and ScrubCrypt played a significant role in its development, and the developers of those predecessors are credited on the SeroXen website, indicating their involvement in SeroXen's development.

Against SeroXen and BatCloak, organizations are advised to use a multilayered defensive strategy and comprehensive security solutions such as Trend Micro™ XDR, which can detect, scan, and block malicious content and so reduce the risk of infection from these malware strains. As the threat landscape continues to evolve, staying ahead of threats like SeroXen remains crucial.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Batcloak | 3 | BatCloak is a fully undetectable (FUD) malware obfuscation engine that has been used by threat actors to stealthily deliver their malware since September 2022. The BatCloak engine was initially part of an FUD builder named Jlaive, which began circulating in 2022. Although the Jlaive code repository
Scrubcrypt | 2 | ScrubCrypt is a sophisticated malware that has been identified as a significant threat in the cybersecurity landscape. It operates as part of an intricate system of harmful software, including VenomRAT and various malicious plugins, designed to exploit and damage computer systems. The malware infilt
Miscellaneous Associations
Other contextual elements that may help in assessing relevance
Malware
Rat
Payload
Rootkit
Discord
Reddit
Extortion
Ransomware
Trojan
PowerShell
Github
Dropper
Windows
Exploit
Loader
Evasive
Youtube
Telegram
Associated Malware
ID | Type | Votes | Profile Description
Jlaive | Unspecified | 1 | Jlaive is a malware that began circulating in 2022, primarily known for its obfuscation algorithm powered by the BatCloak engine. The malware was designed to evade antivirus software by converting executables into undetectable batch files. The creator, identified as ch2sh, made significant contribut
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the SeroXen malware was drawn from the documents listed below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 9 months ago | Malicious NuGet packages abuse MSBuild to install malware
CERT-EU | a year ago | Minecraft Community on High Alert as Malware Infects Popular Mods
BankInfoSecurity | a year ago | Breach Roundup: European Investment Bank Suffers Cyberattack
CERT-EU | 10 months ago | Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
CERT-EU | 9 months ago | SeroXen RAT distributed via malicious NuGet package
CERT-EU | a year ago | Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme
CERT-EU | 7 months ago | Malware leveraging public infrastructure like GitHub on the rise
CERT-EU | 9 months ago | Cyber Security Week in Review: October 13, 2023
CERT-EU | 7 months ago | Gamers Warned of Potential CS2 Exploit That Can Reveal IP Addresses
CERT-EU | 9 months ago | Hackers Abuse NuGet Packages to Deliver SeroXen RAT
CERT-EU | 9 months ago | Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
CERT-EU | a year ago | Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
Trend Micro | a year ago | SeroXen Mechanisms: Exploring Distribution, Risks, and Impact
Trend Micro | a year ago | SeroXen Incorporates Latest BatCloak Engine Iteration