A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Tuesday, May 20th 2025: AutoIT Code RAT; Fake Keepass Download; Procolored Printer Software Compromise
May 19, 2025
6:41
5.61 MB
Downloads: 0
RAT Dropped By Two Layers of AutoIT Code
Xavier explains how AutoIT was used to install a remote admin tool (RAT) and how to analyse such a tool
https://isc.sans.edu/diary/RAT%20Dropped%20By%20Two%20Layers%20of%20AutoIT%20Code/31960
RVTools compromise confirmed
Robware.net, the site behind the popular tool RVTools now confirmed that it was compromised. The site is currently offline.
https://www.robware.net/readMore
Trojaned Version of Keepass used to install info stealer and Cobalt Strike beacon
A backdoored version of KeePass was used to trick victims into installing Cobalt Strike and other malware. In this case, Keepass itself was not compromised and the malicious version was advertised via search engine optimization tricks
https://labs.withsecure.com/publications/keepass-trojanised-in-advanced-malware-campaign
Procolored UV Printer Software Compromised
The official software offered by the makers of the Procolored UV printer has been compromised, and versions with malware were distributed for about half a year.
https://www.hackster.io/news/the-maker-s-toolbox-procolored-v11-pro-dto-uv-printer-review-680d491e17e3
https://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads