New NightShadeC2 Botnet Uses UAC Prompt Bombing to Evade Detection

A new botnet named NightShadeC2 has been discovered employing a technique called UAC prompt bombing to bypass User Account Control (UAC) defenses on Windows systems. The approach repeatedly presents UAC prompts until users become desensitized to them, allowing the malware to execute with elevated privileges without raising suspicion. NightShadeC2's operators use this method to maintain persistence and control over infected machines, which in turn enables further malicious activity such as data exfiltration and lateral movement within networks.

The botnet's use of UAC prompt bombing represents a significant evolution in evasion tactics and highlights the increasing sophistication of threats targeting enterprise environments. Security researchers emphasize user awareness and robust endpoint protection as the primary mitigations. Organizations are advised to implement strict application control policies and to monitor for unusual UAC prompt activity as an indicator of compromise.

NightShadeC2 also integrates multiple modules for reconnaissance, credential theft, and command-and-control communication, making it a versatile tool for threat actors. Its modular architecture allows rapid updates and customization, which complicates detection and response. The botnet's activity has been linked to financially motivated cybercriminal groups seeking to exploit vulnerabilities in corporate networks.

In response to this emerging threat, cybersecurity teams should prioritize patch management, user training on UAC prompts, and deployment of behavioral analytics to detect anomalous processes. Collaboration between industry stakeholders and continuous threat intelligence sharing will be crucial in countering the evolving tactics of NightShadeC2 and similar malware families. The discovery underscores the dynamic nature of cyber threats and the need for adaptive defense strategies.
By understanding the mechanisms behind UAC prompt bombing and NightShadeC2's operational methods, organizations can better prepare to defend against these attacks and protect critical assets from compromise.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 05 Sep 2025 09:20:17 +0000


Cyber News related to New NightShadeC2 Botnet Uses UAC Prompt Bombing to Evade Detection

New Email Bombing Detection in Office 365 to Detect Email Bombing Attacks - Microsoft is strengthening its cybersecurity arsenal with the introduction of Mail Bombing Detection in Microsoft Defender for Office 365, a sophisticated feature designed to combat the growing threat of email bombing attacks. The new detection type ...
7 months ago Cybersecuritynews.com
UAC Bypass: 3 Methods Used Malware In Windows 11 in 2024 - User Account Control is one of the security measures introduced by Microsoft to prevent malicious software from executing without the user's knowledge. Modern malware has found effective ways to bypass this barrier and ensure silent deployment on the ...
1 year ago Cybersecuritynews.com
Forget Deepfakes or Phishing: Prompt Injection is GenAI's Biggest Problem - Cybersecurity professionals and technology innovators need to be thinking less about the threats from GenAI and more about the threats to GenAI from attackers who know how to pick apart the design weaknesses and flaws in these systems. Chief among ...
2 years ago Darkreading.com
WinRAR Flaw: LONEPAGE Malware Strikes Ukrainian Firms - In the realm of cybersecurity, vigilance is paramount, and recent developments reveal a persistent threat facing Ukrainian entities. In this blog post, we'll look into the intricate details of the persistent cybersecurity threat posed by LONEPAGE ...
2 years ago Securityboulevard.com
Microsoft Defender for Office 365 now blocks email bombing attacks - In mail bombing attacks, threat actors flood their targets' email inboxes with thousands or tens of thousands of messages within minutes, either by subscribing them to a large number of newsletters or using dedicated cybercrime services that can send ...
7 months ago Bleepingcomputer.com FIN7
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
2 years ago Bleepingcomputer.com Volt Typhoon
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
New Vo1d botnet variant infects 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has infected 1,590,299 Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised devices ...
11 months ago Bleepingcomputer.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: Pros: Strong threat intelligence & expert SOCs. 24/7 monitoring & rapid incident response. Flexible, scalable, hybrid deployments. Cons: High pricing for SMBs. Complex UI and steep learning curve. Limited visibility into endpoint ...
7 months ago Cybersecuritynews.com
Vo1d malware botnet grows to 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised ...
11 months ago Bleepingcomputer.com
How AI can be hacked with prompt injection: NIST report - As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative AI. In Adversarial Machine Learning: A Taxonomy and Terminology of Attacks ...
1 year ago Securityintelligence.com
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
1 year ago Tripwire.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
1 year ago Packetstormsecurity.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
2 years ago Bleepingcomputer.com
Bigpanzi botnet infects 170,000 Android TV boxes with malware - A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a ...
2 years ago Bleepingcomputer.com
RUBYCARP hackers linked to 10-year-old cryptomining botnet - A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain. According to a new report by Sysdig, RUBYCARP currently operates a ...
1 year ago Bleepingcomputer.com CVE-2021-3129
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
2 years ago Darkreading.com Volt Typhoon
Stealthier version of P2Pinfect malware targets MIPS devices - The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, ...
2 years ago Bleepingcomputer.com CVE-2022-0543
10 Best EDR Tools (Endpoint Detection & Response) - 2025 - What is good? Provides comprehensive endpoint monitoring. Protect your entire security stack with in-depth threat intelligence. What could be better? Some users might find the installation and configuration process of the solution tedious. Some users ...
10 months ago Cybersecuritynews.com
Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
1 year ago Go.theregister.com Fancy Bear Volt Typhoon
Aisuru Botnet With 300,000 Hijacked Routers - The Aisuru botnet has emerged as a significant threat in the cybersecurity landscape, leveraging an astonishing network of over 300,000 hijacked routers worldwide. This botnet primarily targets vulnerable routers to create a massive distributed ...
4 months ago Cybersecuritynews.com
New Scraper Botnet with 3,600+ Unique Devices Attacking Targets in US and UK - Cyber Security News - GreyNoise analysts identified this previously untracked variant through advanced network fingerprinting techniques, moving beyond conventional signature-based detection to analyze the actual behavior of infected devices. The research team developed a ...
7 months ago Cybersecuritynews.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
1 year ago Bleepingcomputer.com Fancy Bear APT28 Turla Volt Typhoon
Russian admits building now-dismantled IPStorm proxy botnet The Register - The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in ...
2 years ago Theregister.com