DeedRAT Backdoor Enhanced by Chinese APTs with Advanced Capabilities

LAB52, the intelligence team at S2 Group, has uncovered a new phishing campaign deploying DeedRAT—a modular backdoor attributed to Chinese threat actors—through adversary tracking efforts. The campaign leverages the legitimate signed binary MambaSafeModeUI.exe, part of the VIPRE Antivirus Premium software, which is vulnerable to DLL side-loading. This technique allows the attackers to load the DeedRATlab52Read More