
SANS Internet Storm Center's Stormcast: May 8, 2025 Edition Highlights Critical Cybersecurity Issues
In the May 8, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich, recording from San Diego, California, addresses several crucial cybersecurity topics. The first item on the agenda is an analysis of a particularly interesting piece of malware. Unlike most malware written in Python, this one is coded in .NET and stands out for its modularity. This modularity allows the malware to download and install specific modules from GitHub as needed, which reduces the initial download size and decreases the risk of detection. The available modules include features to install a rootkit, steal tokens, capture passwords, and even activate the victim's webcam. This modular approach makes the malware harder to detect, because the sample does not contain the malicious code from the start.
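Because the malicious functionality arrives later as separate modules pulled from GitHub, the retrieval pattern is one thing a defender can hunt for. The following is an added example, not code from the podcast: it scans proxy or EDR records for processes outside an expected set that fetch several binary files from GitHub. The log format, host list, extension list, process allowlist, threshold and all sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample records (not from the page): time, host, process, url
SAMPLE_LOG = """\
2025-05-08T09:00:01Z,ws-014,git.exe,https://github.com/example-org/app/archive/main.zip
2025-05-08T09:02:10Z,ws-022,updater.exe,https://raw.githubusercontent.com/example-user/repo/main/core.dll
2025-05-08T09:02:45Z,ws-022,updater.exe,https://raw.githubusercontent.com/example-user/repo/main/tokens.dll
2025-05-08T09:03:30Z,ws-022,updater.exe,https://raw.githubusercontent.com/example-user/repo/main/webcam.dll
2025-05-08T09:05:00Z,ws-031,chrome.exe,https://github.com/example-org/tool/releases/download/v1/tool.exe
2025-05-08T09:06:00Z,ws-040,notes.exe,https://raw.githubusercontent.com/example-user/docs/main/README.md
"""

GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
BINARY_EXT = (".dll", ".exe", ".bin", ".dat")  # assumption: payload-like extensions
# Assumption: processes expected to pull code from GitHub in this environment.
EXPECTED = {"git.exe", "chrome.exe", "msedge.exe", "firefox.exe", "devenv.exe"}


def find_staged_module_fetches(log_text, min_modules=2):
    """Return {(host, process): [url paths]} for unexpected processes that
    pulled at least min_modules distinct binary files from GitHub."""
    fetched = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        _ts, host, proc, url = row
        parsed = urlparse(url)
        if (parsed.hostname or "").lower() not in GITHUB_HOSTS:
            continue
        if proc.lower() in EXPECTED:
            continue  # browsers and developer tools fetch from GitHub routinely
        if parsed.path.lower().endswith(BINARY_EXT):
            fetched[(host, proc)].append(parsed.path)
    # One binary download is common; several distinct ones suggest staged modules.
    return {k: v for k, v in fetched.items() if len(set(v)) >= min_modules}


if __name__ == "__main__":
    for (host, proc), paths in find_staged_module_fetches(SAMPLE_LOG).items():
        print(f"{host} {proc}: {len(paths)} binary fetches from GitHub")
        for path in paths:
            print("   ", path)
```

The allowlist and threshold need tuning per environment, since legitimate updaters also download binaries from GitHub release pages.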