New .NET AOT Malware Campaign Uses Black Box Technique to Evade Detection

Researchers at Howler Cell discovered a new .NET AOT malware campaign that employs a scoring system to evade detection by concealing malicious code as a "black box." The malware leverages .NET's Ahead-of-Time (AOT) compilation to obscure its functionality, making static and dynamic analysis more difficult. No specific dates, victim counts, or CVE identifiers were mentioned in the report. The technique is associated with the Rhadamanthys malware family, though further technical details about the campaign's execution or targets were not provided. The primary impact involves increased stealth and resistance to traditional detection methods.