Seroxen

Malware updated 4 months ago (2024-05-04T18:19:30.462Z)
SeroXen is a remote access trojan (RAT) that has been found in malicious NuGet packages, infecting developer systems. It was first identified by the DevSecOps company Phylum, which observed it being delivered through typosquatted NuGet packages. SeroXen has also been reported by HackRead to target gamers, so its victims span both developers and end-users. The malware uses the BatCloak engine as its main loading mechanism, as described in a three-part series on BatCloak and SeroXen; the third part covers the distribution mechanism of SeroXen and BatCloak and the security implications of fully undetectable (FUD) batch obfuscation. That FUD capability, achieved through complex, multilayered obfuscation patterns, evolved through predecessors such as Jlaive, BatCloak, CryBat, Exe2Bat and ScrubCrypt, and the developers of these tools were credited on the SeroXen website, indicating their involvement in SeroXen's development. Against SeroXen and BatCloak, organizations are advised to apply a multilayered defensive strategy and comprehensive security solutions such as Trend Micro XDR, which can detect, scan and block malicious content across the modern threat landscape and so reduce the risk of infection. Staying ahead of threats like SeroXen remains crucial as the threat landscape continues to evolve.
Description last updated: 2024-05-04T17:43:01.519Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.

ID | Votes | Profile Description
Batcloak | 3 | BatCloak is a fully undetectable (FUD) malware obfuscation engine that has been used by threat actors to stealthily deliver their malware since September 2022. The BatCloak engine was initially part of an FUD builder named Jlaive, which began circulating in 2022. Although the Jlaive code repository
Scrubcrypt | 2 | ScrubCrypt is a sophisticated malware that has been used as a delivery mechanism for other malicious software, notably VenomRAT. The malware operates by exploiting systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside the system, ScrubCrypt can disrupt
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Rootkit
Payload
Discord
Rat
Source Document References
Information about the Seroxen malware was read from the document corpus below. This display is limited to 20 results.

Source | Created | Title
CERT-EU | 10 months ago | Malicious NuGet packages abuse MSBuild to install malware
CERT-EU | a year ago | Minecraft Community on High Alert as Malware Infects Popular Mods
BankInfoSecurity | a year ago | Breach Roundup: European Investment Bank Suffers Cyberattack
CERT-EU | a year ago | Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
CERT-EU | a year ago | SeroXen RAT distributed via malicious NuGet package
CERT-EU | a year ago | Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme
CERT-EU | 9 months ago | Malware leveraging public infrastructure like GitHub on the rise
CERT-EU | a year ago | Cyber Security Week in Review: October 13, 2023
CERT-EU | 9 months ago | Gamers Warned of Potential CS2 Exploit That Can Reveal IP Addresses
CERT-EU | 10 months ago | Hackers Abuse NuGet Packages to Deliver SeroXen RAT
CERT-EU | a year ago | Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
CERT-EU | a year ago | Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
Trend Micro | a year ago | SeroXen Mechanisms: Exploring Distribution, Risks, and Impact
Trend Micro | a year ago | SeroXen Incorporates Latest BatCloak Engine Iteration