PS1Bot malvertising-delivered multi-stage malware framework
Malware Activity
Summary
PS1Bot is a newly disclosed malvertising-delivered malware framework that can steal information, capture keystrokes, take screenshots, and maintain persistent access on infected systems. The campaign has been active since early 2025 and uses a multi-stage chain built around PowerShell and C#. Infection starts with malvertising or SEO poisoning that lures victims into downloading the initial payload. Its modular design and in-memory execution leave few artifacts on disk and make forensic detection harder.
Related Happenings
Tomiris multi-language malware modules using Discord and Telegram C2
Malware Activity
First: 01.12.2025 07:07
Last: 01.12.2025 07:07
Sources 1
About this happening:
The **Tomiris** malware set is now using **Discord** and **Telegram** as C2, making its post-exploitation traffic harder to spot and letting operators blend in with legitimate ser...
AI-powered malware families integrating LLMs during execution
Malware Activity
First: 05.11.2025 16:59
Last: 05.11.2025 16:59
Sources 1
About this happening:
Google's GTIG identified **multiple AI-powered malware families** that use **LLMs during execution**, signaling a shift toward malware that can adapt while running. The set includ...
Bookworm malware used by Mustang Panda since 2015
Malware Activity
First: 27.09.2025 15:06
Last: 27.09.2025 15:06
Sources 1
About this happening:
The long-running **Bookworm** malware used by **Mustang Panda** remains a serious threat because it can maintain control over **compromised systems**. It supports **arbitrary comm...
Timeline
- 13.08.2025 18:46 · 1 article
PS1Bot malvertising campaign disclosed
Initial Disclosure: Cisco Talos disclosed a new PS1Bot malvertising campaign that has been active since early 2025 and uses SEO poisoning to deliver a ZIP archive containing JavaScript and PowerShell stages. The modular framework contacts a C2 server for next-stage PowerShell commands and supports information theft, keylogging, reconnaissance, screen capture, wallet grabbing, and persistence while minimizing persistent artifacts through in-memory execution.
- New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks — thehackernews.com — 13.08.2025 18:46