A newly disclosed infostealer dubbed "NordDragonScan" executes stealthily on Windows machines using living-off-the-land (LOTL) techniques, @Fortinet reported. #cybersecurity #infosec #ITsecurity https://t.co/O5qN6UAbNf
Hackers 'Shellter' Various Stealers in Red Team Tool to Evade Detection: https://t.co/0RhE9wew1H by darkreading #infosec #cybersecurity #technology #news
Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension: https://t.co/V2z96oWZcc by The Hacker News #infosec #cybersecurity #technology #news
Cybersecurity researchers have identified multiple new threats targeting various sectors and platforms.

The Batavia spyware, active since July 2024, has been targeting Russian organizations through fake contract emails, stealing internal documents, system logs, screenshots, and scanning USB devices. This spyware is linked to over 100 phishing incidents and is part of the NordDragonScan campaign, which employs stealthy living-off-the-land techniques to evade detection on Windows machines.

Separately, a popular Visual Studio Code extension used by over 6,000 Ethereum smart contract developers was compromised with hidden code that executes PowerShell scripts, raising concerns about potential crypto theft or contract tampering.

Another emerging threat is the RondoDox botnet, which hijacks Linux-based DVRs and routers, disables security tools, rewrites system commands, and mimics traffic from gaming platforms like Discord, Minecraft, and Fortnite to remain undetected.

Additionally, the Atomic macOS Stealer has evolved from stealing passwords and crypto wallets to incorporating a backdoor for prolonged remote control of infected devices.

Furthermore, the BaitTrap operation has been uncovered, revealing over 17,000 fake news websites involved in global investment fraud.

Lastly, a new red team tool named Shellter has been used to evade detection by integrating various stealers.

These developments highlight ongoing sophisticated cyber threats across multiple operating systems and sectors.