TA585 Threat Group Deploys Sophisticated MonsterV2 Malware

Cyber Security News by CyberSum.net

Published on October 14, 2025 at 12:00 PM

3 sources

The emerging threat group TA585 is utilizing advanced malware campaigns, particularly with the MonsterV2 malware. This group distinguishes itself by managing its attack chain in-house, avoiding reliance on established cybercrime services. MonsterV2, a remote access trojan (RAT), stealer, and loader, is known for its high cost and feature-rich toolset. TA585's tactics include government-themed phishing campaigns and JavaScript web injects on compromised websites, highlighting the need for vigilant monitoring and adaptive defense strategies.

Also Read

GlassWorm Malware Targets Developers via OpenVSX and VS Code

A new supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm. The malware, installed an estimated 35,800 times, hides its malicious code using invisible characters and spreads using stolen account information. It uses the Solana blockchain for command-and-control, making takedown difficult, with Google Calendar as a backup option. The malware steals credentials for GitHub, npm, and OpenVSX accounts, as well as cryptocurrency wallet data from 49 extensions. It also deploys a SOCKS proxy and installs VNC clients for invisible remote access. The final payload, called ZOMBI, turns infected systems into nodes for cybercriminal activities.

By Cyber Security News by CyberSum.netOctober 20, 2025 at 09:00 PM