{"id":223049,"date":"2025-10-08T04:20:34","date_gmt":"2025-10-08T09:20:34","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/10\/batshadow-group-uses-new-go-based-vampire-bot-malware-to-hunt-job-seekers"},"modified":"2025-10-08T04:20:34","modified_gmt":"2025-10-08T09:20:34","slug":"batshadow-group-uses-new-go-based-vampire-bot-malware-to-hunt-job-seekers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/10\/batshadow-group-uses-new-go-based-vampire-bot-malware-to-hunt-job-seekers","title":{"rendered":"BatShadow Group Uses New Go-Based \u2018Vampire Bot\u2019 Malware to Hunt Job Seekers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/batshadow-group-uses-new-go-based-vampire-bot-malware-to-hunt-job-seekers2.jpg\"><\/a><\/p>\n<p>In October 2024, Cyble also <a href=\"https:\/\/cyble.com\/blog\/vietnamese-threat-actors-multi-layered-strategy-on-digital-marketing-professionals\/\" rel=\"noopener\" target=\"_blank\">disclosed<\/a> details of a sophisticated multi-stage attack campaign orchestrated by a Vietnamese threat actor that targeted job seekers and digital marketing professionals with Quasar RAT using phishing emails containing booby-trapped job description files.<\/p>\n<p>BatShadow is assessed to be active for at least a year, with <a href=\"https:\/\/twitter.com\/filescan_itsec\/status\/1858873841583309195\" rel=\"noopener\" target=\"_blank\">prior<\/a> <a href=\"https:\/\/twitter.com\/Thisism23567356\/status\/1861367550774292804\" rel=\"noopener\" target=\"_blank\">campaigns<\/a> using <a href=\"https:\/\/twitter.com\/byrne_emmy12099\/status\/1861454443260321945\" rel=\"noopener\" target=\"_blank\">similar domains<\/a>, such as samsung-work[.]com, to propagate malware families including Agent Tesla, Lumma Stealer, and Venom RAT.<\/p>\n<p>\u201cThe BatShadow threat group continues to employ sophisticated social engineering tactics to target job seekers and digital marketing professionals,\u201d Aryaka said. \u201cBy leveraging disguised documents and a multi-stage infection chain, the group delivers a Go-based Vampire Bot capable of system surveillance, data exfiltration, and remote task execution.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In October 2024, Cyble also disclosed details of a sophisticated multi-stage attack campaign orchestrated by a Vietnamese threat actor that targeted job seekers and digital marketing professionals with Quasar RAT using phishing emails containing booby-trapped job description files. BatShadow is assessed to be active for at least a year, with prior campaigns using similar domains, [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,6,8,1511],"tags":[],"class_list":["post-223049","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-robotics-ai","category-space","category-surveillance"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=223049"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223049\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=223049"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=223049"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=223049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}