Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

TAG-150 Develops Castlerat in Python, Expanding Its Malware Arsenal

In a significant development in the cybersecurity landscape, the threat actor group known as TAG-150 has developed a new variant of the Castlerat malware, this time written in Python. This evolution marks a notable shift in the group's tactics, techniques, and procedures (TTPs), showcasing their adaptability and technical prowess. The Python-based Castlerat variant enhances the malware's capabilities, making it more versatile and harder to detect by traditional security solutions. This article delves into the technical aspects of the new Castlerat variant, its potential impact on targeted organizations, and the broader implications for cybersecurity defenses. TAG-150, a known cyber espionage group, has been active in deploying sophisticated malware to infiltrate high-value targets. The transition to Python for Castlerat development allows for easier modification and deployment across different platforms, increasing the threat's reach. Security researchers have identified several new features in this variant, including improved command and control (C2) communication, enhanced data exfiltration methods, and stealthier persistence mechanisms. The emergence of Python-based malware like Castlerat underscores the growing trend of threat actors leveraging versatile programming languages to bypass security measures. Organizations must bolster their detection capabilities by incorporating behavioral analysis and anomaly detection to identify such advanced threats. Additionally, regular threat intelligence updates and employee awareness training are critical components in mitigating the risks posed by groups like TAG-150. In conclusion, the development of Castlerat in Python by TAG-150 represents a significant escalation in cyber threat sophistication. It highlights the need for continuous evolution in cybersecurity strategies to defend against increasingly complex malware. Stakeholders across industries should prioritize proactive threat hunting and invest in advanced security technologies to stay ahead of such emerging threats.

This Cyber News was published on thehackernews.com. Publication date: Sun, 07 Sep 2025 22:29:04 +0000

Cyber News related to TAG-150 Develops Castlerat in Python, Expanding Its Malware Arsenal

TAG-150 Develops Castlerat in Python, Expanding Its Malware Arsenal - In a significant development in the cybersecurity landscape, the threat actor group known as TAG-150 has developed a new variant of the Castlerat malware, this time written in Python. This evolution marks a notable shift in the group's tactics, ...
1 day ago Thehackernews.com TAG-150

CVE-2024-57897 - In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same as the DMA unmap setting, otherwise the DMA core will report the following ...
7 months ago Tenable.com

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2022-48835 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago

Secretive MaaS Group Tag 150 Uses Novel Castlerat Malware - A newly identified MaaS (Malware-as-a-Service) group, known as Tag 150, has been linked to the deployment of a novel malware strain called Castlerat. This group operates with a high degree of secrecy and sophistication, targeting various ...
2 days ago Darkreading.com Tag 150

Python 2 EOL: Coping with Legacy System Challenges - Python 2.7 was the last major version in the 2.x series of this software language, which was launched on July 3, 2010 and was officially maintained and supported until January 1, 2020. At that point, when the Python 2 EOL phase began, the legacy ...
1 year ago Securityboulevard.com

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
1 year ago Gbhackers.com

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 year ago Pandasecurity.com

How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
1 year ago Pandasecurity.com

Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
6 months ago Cybersecuritynews.com

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com