Find notable cyber news and cases, enriched with sources, timelines, and signals.

Mixed Reality.exe loader deploys DCRat with persistence and AMSI evasion

Malware Activity
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

The Mixed Reality.exe stage is deploying DCRat on infected Windows hosts, giving operators durable remote access and data-theft capability. The loader adds persistence, performs anti-analysis checks, and disables Windows AMSI scanning before unpacking the RAT. That combination increases the chance the implant survives detection and remains available for follow-on abuse.

Timeline

  1. 06.07.2026 13:58 1 articles · 3d ago

    Mixed Reality.exe loader deploys DCRat with persistence and AMSI evasion

    Technical Analysis Update

    Seqrite Labs describes Operation DragonReturn as a spear-phishing campaign impersonating the Income Tax Department of India and targeting Indian taxpayers, tax professionals, and corporate finance teams. The loader chain extracts `nvdaHelperRemote.dll`, copies itself as `Mixed Reality.exe`, creates the `MixedSvc` Windows service, disables Windows AMSI scanning, and loads DCRat onto Windows hosts.

    Show sources