GoSerpent malware activity targeting Southeast Asian entities
Malware Activity
Summary
Hide ▲
Show ▼
GoSerpent is being used in cyber attacks against entities in Southeast Asia, with the activity focused on long-term access, intelligence gathering, and data exfiltration. The malware is aimed at government and diplomatic entities and can deploy follow-on tools for credential dumping and file collection. It also supports SOCKS5 proxying and remote access, helping operators hide traffic through compromised hosts. The toolset has expanded over time, with May 2026 activity adding new payloads for staged exfiltration.
Related Happenings
Armored Likho spear-phishing and malware-delivery campaign targeting government and power sectors
Campaign
H score37
First: 03.07.2026 16:36
Last: 03.07.2026 16:36
Sources 1
About this happening:
The Armored Likho campaign is using spear-phishing and malware-delivery chains to target government agencies and the electric power sector across Russia, Brazil,...
Armored Likho spear-phishing and malware-delivery campaign targeting government and power sectors
CampaignAbout this happening: The Armored Likho campaign is using spear-phishing and malware-delivery chains to target government agencies and the electric power sector across Russia, Brazil,...
BusySnake Stealer Windows information-theft activity
Malware Activity
H score30
First: 03.07.2026 16:36
Last: 03.07.2026 16:36
Sources 1
About this happening:
The BusySnake Stealer malware is being used against Windows systems to steal browser cookies, passwords, documents, screenshots, wallet files, and Telegram data, increasin...
BusySnake Stealer Windows information-theft activity
Malware ActivityAbout this happening: The BusySnake Stealer malware is being used against Windows systems to steal browser cookies, passwords, documents, screenshots, wallet files, and Telegram data, increasin...
Showboat Linux post-exploitation backdoor framework
Malware Activity
H score16
First: 21.05.2026 17:17
Last: 21.05.2026 17:17
Sources 1
About this happening:
The Showboat Linux malware has been identified as a modular post-exploitation framework used since at least mid-2022, raising the risk of persistent access on compromi...
Showboat Linux post-exploitation backdoor framework
Malware ActivityAbout this happening: The Showboat Linux malware has been identified as a modular post-exploitation framework used since at least mid-2022, raising the risk of persistent access on compromi...
Timeline
-
17.07.2026 11:46 2 articles · 3h ago
GoSerpent malware activity targeting Southeast Asian entities
Initial DisclosureSince late 2025, GoSerpent has been used against Southeast Asian government and diplomatic entities to establish covert access and begin intelligence collection. Kaspersky uncovered the activity in February 2026 after identifying a malware chain built for credential theft, proxying, and staged exfiltration.
Show sources
- New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage — thehackernews.com — 17.07.2026 11:46
- New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage — thehackernews.com — 17.07.2026 11:46