AGEWHEEZE remote access trojan activity

Malware Activity
Happening score: 28
1 unique source, 1 article

Summary

CERT-UA disclosed AGEWHEEZE, a remote access trojan delivered through a password-protected ZIP that enabled remote control over infected devices. The malware was spread through a phishing campaign impersonating CERT-UA and was designed to look like legitimate security software. AGEWHEEZE could execute commands, manage files, capture screenshots, and control input and processes while maintaining persistence on Windows systems. The operation was assessed as largely unsuccessful, with only a few infected employee devices identified.

Related Happenings

AgingFly malware attacks local governments and hospitals in Ukraine

Malware Activity
First: 16.04.2026 00:57 Last: 16.04.2026 00:57 Sources 1

About this happening: The **AgingFly** malware is now being deployed against **local governments and hospitals** in **Ukraine**, where it steals browser and WhatsApp authentication data and enables dee...

UAC-0255 CERT-UA impersonation phishing campaign

Campaign
First: 01.04.2026 19:10 Last: 01.04.2026 19:10 Sources 1

How related: As part of the attacks, the threat actors, tracked as UAC-0255, sent emails on March 26 and 27, 2026, posing as CERT-UA to distribute a password-protected ZIP archive hosted on Files.fm and urged recipients to install the "specialized software."

About this happening: The **UAC-0255** phishing campaign impersonated **CERT-UA** to deliver a password-protected ZIP archive and trick recipients into installing **AGEWHEEZE**. The operation ran on **...

Timeline

  1. 01.04.2026 19:10 · 1 article

    CERT-UA impersonation phishing on March 26, 2026

    Exploitation Observed

    On March 26, 2026, UAC-0255 sent phishing emails posing as CERT-UA, using a password-protected ZIP archive hosted on Files.fm and a fake security-software lure to deliver AGEWHEEZE to targeted state organizations, medical centers, security companies, educational institutions, financial institutions, and software development companies.

  2. 01.04.2026 19:10 · 2 articles

    CERT-UA discloses the AGEWHEEZE phishing campaign on April 1, 2026

    Initial Disclosure

    CERT-UA disclosed that UAC-0255 impersonated the agency to distribute AGEWHEEZE through a password-protected ZIP archive on Files.fm, supported by the bogus domain cert-ua[.]tech and the sender address incidents@cert-ua[.]tech. CERT-UA described AGEWHEEZE as a Go-based remote access trojan that communicates with 54.36.237[.]92 over WebSockets, can execute commands and file operations, and can persist through a scheduled task, the Windows Registry, or the Startup directory.
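
The indicators in the disclosure entry above, turned into a small log triage as an added example (not CERT-UA's or this site's code): it refangs the page's domain and IP and checks them against constructed mail-gateway and proxy lines. The key=value log format, the field names and the tag names are assumptions.

```python
import ipaddress
import re
# Indicators exactly as this page gives them (defanged); refanged only for matching.
LURE_DOMAIN = "cert-ua[.]tech".replace("[.]", ".")
C2_IP = ipaddress.ip_address("54.36.237[.]92".replace("[.]", "."))
KV = re.compile(r"(\w+)=(\S+)")  # constructed key=value log format (assumption)

def domain_matches(host):
    """True for the lure domain or a subdomain, not for look-alike suffixes."""
    host = host.lower().rstrip(".")
    return host == LURE_DOMAIN or host.endswith("." + LURE_DOMAIN)

def triage(line):
    """Return the list of indicator tags that one log line hits."""
    ev = dict(KV.findall(line))
    tags = []
    if ev.get("type") == "mail":
        sender = ev.get("from", "")
        if "@" in sender and domain_matches(sender.rsplit("@", 1)[1]):
            tags.append("lure-sender")
            # Files.fm is a legitimate host; only note it alongside the sender hit.
            if ev.get("url_host", "").lower() == "files.fm":
                tags.append("files.fm-link")
    elif ev.get("type") == "proxy":
        try:
            dst = ipaddress.ip_address(ev.get("dst", ""))
        except ValueError:
            return tags  # hostname or malformed field: nothing to compare
        if dst == C2_IP:  # parsed comparison, so 54.36.237.9 does not match
            tags.append("c2-ip")
            if ev.get("status") == "101":  # HTTP 101: protocol switch, as in a WebSocket upgrade
                tags.append("c2-websocket")
    return tags

def scan(lines):
    """Return (line_number, tags) for every line with at least one hit."""
    return [(n, t) for n, t in ((i, triage(l)) for i, l in enumerate(lines, 1)) if t]

# Constructed sample lines, not real telemetry.
SAMPLE = [
    "type=mail from=incidents@cert-ua.tech to=user@example.org url_host=files.fm",
    "type=mail from=alerts@cert-ua.tech.example.org to=user@example.org url_host=files.fm",
    "type=proxy src=10.0.0.5 dst=54.36.237.92 status=101",
    "type=proxy src=10.0.0.6 dst=54.36.237.9 status=200",
]

if __name__ == "__main__":
    for lineno, tags in scan(SAMPLE):
        print(lineno, ",".join(tags))
```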
