Automatically translated.View original post

CastleRAT malware attacks Windows users secretly controlling

CastleRAT malware attacks Windows users secretly controlling the machine silently.

One type of malware that many readers will be familiar with: the remote access trojan type of malware, many of which have been reborn almost every day, and this is another new one to trouble Windows users again.

According to a report by the website Cyber Security News, a new RAT type of malware called CastleRAT was detected by a research team from Splunk, an expert company building enterprise cybersecurity tools. The research team first detected this malware in March. The malware will focus on attacks on Windows users by this malware. In addition to its basic capabilities, it allows hackers to take over the victim's machine. The malware is also divided into two versions:

Python version, which is a small (Lightweight) version.

Version C is a version that comes with high-level capabilities such as Keystoke, Screen Log Stealth, and Superior Persistance.

The research team has not identified any form of proliferation or deception for hackers to download and install malware. It is technically specified that the malware, after installing itself on the system, will collect systemic information from the victim's machine, such as computer name, user name, GUID number, IP address number, etc. The malware will send it back to a C2 (Command and Control) server with fixed-line encryption (Hardcoding) after the hacker has received the information. It will send a command through the C2 server to command the malware to run in the next step.

One of the more interesting features is the Clipboard theft feature to steal sensitive data copied by the victim on the Clipboard, such as the address of sending or receiving Kryptokerrency money, passwords, to the Kryptokerrency wallet loan code, where the malware takes over Hijacking and secretly uses the Paste command and then quietly smuggles the Exfiltration back to the C2 server.

The secret to silently smuggling is that instead of the malware running a network Sockets channel that is open or even running a network API that is vulnerable to detection, the malware copies the data on the Clipboard and uses the SendInput () function to place messages on unsuspecting applications to deceive the detection system and then distributes them to the C2 server. The research team also revealed examples of this function code:

If (OpenClipboard (0164))

{

EmptyClipboard ();

HMM = GlobalAlloc (0x2000u, v2 + 1);

Dest = GlobalLock (hMem);

Strcpy (Dest, Source);

SetClipboardData (1u, hMem);

CloseClipboard ();

pInputs [0] .ki.wVk = VK _ CONTROL;

pInputs [2] .ki.wVk = 'V';

SendInput (4u, pInputs, 40);

}

In defense, the research team recommended that enterprise users regularly monitor the behavior of their network in order to prevent and intervene when they are detected.

# Recap 2025 # Take care of yourself # Open budget # Includes IT matters # Trending

2025/12/24 Edited to

... Read moreหลังจากได้รู้จักกับ CastleRAT ซึ่งเป็นมัลแวร์ในกลุ่ม Remote Access Trojan ที่มุ่งเป้าโจมตีผู้ใช้งาน Windows โดยสามารถขโมยข้อมูลที่อยู่ใน Clipboard ซึ่งเป็นข้อมูลส่วนตัวที่เราอาจคัดลอกไว้ เช่น รหัสผ่าน หรือที่อยู่คริปโตเคอร์เรนซี ผมขอแชร์ประสบการณ์และข้อควรระวังเพิ่มเติมสำหรับผู้ใช้งานทั่วไปและองค์กรครับ 1. ตรวจสอบและอัปเดตระบบเสมอ จากที่ผมติดตามข่าว พบว่าการมีระบบปฏิบัติการ Windows ที่ได้รับการอัปเดตล่าสุด จะช่วยลดช่องโหว่ที่มัลแวร์ใช้โจมตีได้พอสมควร 2. ใช้ซอฟต์แวร์แอนตี้ไวรัสและโปรแกรมความปลอดภัยที่น่าเชื่อถือ สาเหตุที่ CastleRAT ใช้โค้ดที่ส่งคำสั่งผ่านฟังก์ชัน SendInput() เพื่อหลอกระบบตรวจจับเป็นเทคนิคที่ฉลาดมาก ผู้ใช้ควรติดตั้งซอฟต์แวร์ที่สามารถตรวจจับพฤติกรรมที่ไม่ปกติในระบบ 3. ระวังการดาวน์โหลดไฟล์หรือคลิกลิงก์จากแหล่งที่ไม่น่าเชื่อถือ เนื่องจากทีมวิจัยไม่ได้ระบุชัดเจนวิธีแพร่กระจายของ CastleRAT แต่โดยปกติมัลแวร์ประเภท RAT มักใช้วิธีนี้ 4. อย่าคัดลอกข้อมูลสำคัญลง clipboard โดยไม่จำเป็น เลี่ยงการเก็บข้อมูลสำคัญบน clipboard นานเกินไป และล้าง clipboard หลังใช้งาน เช่น รหัสผ่านหรือที่อยู่กระเป๋าเงินคริปโต 5. สำหรับองค์กร ควรตั้งระบบเฝ้าระวังพฤติกรรมเครือข่าย และวิเคราะห์ log การใช้งานอย่างสม่ำเสมอ เพื่อพบความผิดปกติที่อาจเกิดจาก RAT จาก OCR โค้ดที่ทางทีมวิจัยเปิดเผย ช่วยให้เราเห็นภาพว่ามัลแวร์ใช้งานฟังก์ชันของ Windows API ในการจัดการ clipboard อย่างไร นี่เป็นเคล็ดลับของ CastleRAT ที่ทำให้ยากต่อการตรวจจับและแอบส่งข้อมูลออกไปยังเซิร์ฟเวอร์แฮกเกอร์ ท้ายที่สุด การรับรู้และเข้าใจพฤติกรรมของมัลแวร์ชนิดนี้จะช่วยให้เราปรับตัวและป้องกันภัยไซเบอร์ได้ดีขึ้น รักษาความปลอดภัยข้อมูลส่วนตัวเป็นเรื่องสำคัญที่ไม่ควรมองข้ามในยุคนี้ครับ

Related posts

The image displays the title slide for 'Helpful AI prompts for creators' from 'CREATOR SYSTEMS', aiming to help creators create faster, organize smarter, and stop rebuilding processes from scratch. It encourages users to swipe for prompts.
The image presents 'PROMPT 05: Turn your expertise into a series'. The prompt asks AI to help turn expertise on a topic into 5 recurring content series that educate, build authority, and are engaging. It's for creators who know their stuff but struggle to package it.
The image shows 'PROMPT 01: Turn messy ideas into content'. The prompt asks AI to organize scattered content ideas into 3-5 content pillars, explain each, and suggest recurring post themes. It's for creators with many notes but blurry strategy.
Creator prompts
some helpful ai prompts for creators. I'm deep into ai engineering, don't mind me. #aipromptideas #creatorideas
Bytes' Atelier

Bytes' Atelier

62 likes

🚨 16 Billion passwords leaked - the largest breach ever 🚨 Here is how it happened and what you can do to be safe. #news #databreach #cybersecuritytips #onlinesafety
Cybersecurity Girl

Cybersecurity Girl

130 likes

A human brain rests on an open book, with 'Med Surg Neuro (Part 1)' text. The image serves as a cover for a nursing study guide on the nervous system, featuring the Lemon8 logo.
This page provides an overview of the nervous system, detailing the CNS and PNS, different brain parts, somatic nervous system (sensory/motor neurons), and autonomic nervous system (sympathetic/parasympathetic) with memory tricks.
This page details neuro assessment, including the Glasgow Coma Scale, orientation, posturing (decorticate, decerebrate), levels of consciousness, pupil assessment (PERRLA), deep tendon reflexes, and Babinski reflex.
All Things Nervous System! 
(Part 1)
Med Surg Neuro Week: All Things Nervous System! (Part 1) This week is all about diving deep into Neuro for nursing students! Get ready for comprehensive notes and study tips on: ✨ Nervous System Overview ✨ Neuro Assessment & Key Findings ✨ Cranial Nerves Simplified ✨ Conditions: ALS, A
JustMe

JustMe

182 likes

Part 2 Trump PANICS as SPECIAL FORCES Enter WAR!!! #news #trump #politics #special #fyp
KatieCouric**

KatieCouric**

0 likes

A vibrant cover image featuring Anjali Viramgama amidst confetti, with the title "Top Cybersecurity Certificates." It highlights key certifications for advancing skills and knowledge in cybersecurity.
A card detailing the Certified Information Security Manager (CISM) certification. It explains CISM focuses on managing information security programs, covering risk management, governance, and incident response.
A card detailing the Certified Ethical Hacker (CEH) certification. It explains CEH focuses on ethical hacking and penetration testing, covering topics like network scanning, malware threats, and social engineering.
Top Cybersecurity Certificates
There are several reputable cybersecurity certifications that can help you advance your skills and knowledge in the field of cybersecurity. 1. Certified Information Systems Security Professional (CISSP): - CISSP is a globally recognized certification that covers a wide range of cybersecurit
anjali.gama

anjali.gama

111 likes

Prompts for creators
🌱 From Chaos to Calendar: Ready to move those organized tasks into Notion? Here are 3 simple steps to seamlessly integrate your to-dos into your existing system. Keep it low-friction & effective! Copy & paste your sorted tasks! 📅 #NotionTips #TaskManagement #DigitalOrganization #work
Bytes' Atelier

Bytes' Atelier

11 likes

Check out this website that helps you when you’re feeling uninspired! I walk you thru the process of downloading the svg file to taking it to cricut design space! Happy crafting. #designinspo #creativeart #cricutprojects #svgfiles #CricutTips
VlunaWorks

VlunaWorks

47 likes

#TikTokCreatorSearchInsightsIncentive #narcissisticabuse #narcabuse #narcissim
Nina Batista

Nina Batista

17 likes

😫 Wanting to quit your 9-5?
Becoming a Pinterest Manager might be for you! In less than a year, I went from earning $2K at my 9-5 to over $4K/month with Pinterest management alone. Now, with all the different skills and platforms I lesrned, I make anywhere from $12-15K A MONTH! Back then, I knew I had to do something
Bria | Social, Design, & AI

Bria | Social, Design, & AI

485 likes

Replying to @malwaredb my favorite eyeshadows from Moira 💗 I use the shade renegade so often and people literally stop me to ask where it’s from almost every time I wear it! #beauty #makeup #eyeshadow @moiracosmetics
aaliyah ✈️

aaliyah ✈️

0 likes

Solved: exFAT Drive Not Recognized in Windows 10
Why exFAT drive not recognized in Windows 10/11 and what’s the best solution to it? Read the following post to get the answers. #drive #filesystem #recognized
Techcrafter

Techcrafter

0 likes

You need TikTok ?
Here is how you can download TikTok if you need help with and apple phone just ask me I can help with Apple phone you need to change your region on the Apple Pay store
Ali

Ali

10 likes

Turn Jumbled Ideas into a Content Plan
A cozy creator prompt for sorting through messy thoughts when your brain feels too full to start. Use AI to organize what’s already in your head into clear themes, possible post ideas, and one simple place to begin. Perfect for overwhelmed creators who need a softer way to plan content without sta
Bytes' Atelier

Bytes' Atelier

6 likes

A few updates to my journal 🖤🤗
#journalthrough #journal
mal<3

mal<3

16 likes

for the low energy days frfr
Some days I don’t need a 10-step productivity system. I need something gentle enough for a tired brain. Here are 3 AI prompts I use when I’m overwhelmed: 1. “Help me pick the 3 most important things I need to do today. Keep it realistic.” 2. “Turn this messy brain dump into a simple checkli
Bytes' Atelier

Bytes' Atelier

9 likes

How to Make a Dyson Sphere in Sandboxels
#dysonsphere #science #sciencegames #gaming #pixelart
R74n

R74n

7 likes

A colorful Disney tattoo of Stitch from Lilo & Stitch on an arm, featuring a watercolor-style blue and purple splatter background. The character is depicted with a wide, happy grin and outstretched arms, showcasing a vibrant and playful design.
A Disney tattoo on an arm featuring Thumper from Bambi, sitting among purple and blue flowers and tall grass. The tattoo includes the text "Macushla R.I.P. Johnny" below the character, rendered in a traditional tattoo style.
A traditional-style Disney tattoo on a leg depicting Esmeralda from The Hunchback of Notre Dame. She is shown in a flowing purple dress, holding a large crescent moon or hoop, surrounded by golden stars. The text "From my flash! Tiny blast over" is visible.
🏰✨Disney Tattoos✨🏰
Did you know, I’m a HUGE Disney nerd! It’s always a treat whenever I get to do something based on Disney, small or big, flash or custom 🥰 Here’s just a small compilation of some of my favorites! #disney #disneytattoo #tattoo #tattooartist #traditionaltattoo
Malware 🔜 FC

Malware 🔜 FC

378 likes

I wasn’t planning on making this.. but HISTORY ISN’T A MEME, and it isn’t a vibe! CONTEXT MATTERS! OH..and, If we’re going to make comparisons, we need to understand what we’re actually talking about— and why these patterns F-ING MATTER‼️ #PoliticalTikTok #GenZForChange #FYP #ourlifeintherain
Reality: Our Life In The 🌈

Reality: Our Life In The 🌈

3 likes

Windows Tools - Part 1: Task Manager
💻 Windows Tools Every IT Professional Should Know 🩷 Part 1: Task Manager Task Manager is one of the first tools many IT professionals learn to use—and for good reason. Whether you’re troubleshooting a slow computer, investigating high resource usage, reviewing startup applications, monitorin
ITwDee

ITwDee

9 likes

How I cope with anxiety & panic attacks
Honestly I could go on forever with helpful tips and tricks! As someone who has struggled with anxiety I know how hard some days can be. How do you cope?❤️ #HealthTips #Lemon8Diary #fyp #anxiety #relatable #trending
Soph 🍒

Soph 🍒

40 likes

Elite Hacker Destroyed His Empire By Forgetting On
Bro, I really forgot to use a VPN 💀 #hacker #cybercrime #fail #tech #arrestedstupidly
arrestedstupidly

arrestedstupidly

1 like

The Podcast Invite Scheme! Always remember - it’s not your fault ♥️ this happens to so many people. Most importantly: STAY SUSPICIOUS OF EVERYTHING 🥰💕 #podcastinvite #podcast #creator #storytime #scheme
Chloe

Chloe

70 likes

This is the newest way people are getting hacked and if you use AI to answer your questions and give you advice, you need to watch this.Thanks to Huntress for reporting this Follow for more
Cybersecurity Girl

Cybersecurity Girl

15 likes

How to control anxiety or panic attacks 🙏
I’ve been having a really hard time of convincing myself that I may have a bad habit of controlling my anxiety. Please help a girly out! It might be more than just anxiety because of past trauma but any advice would do. #helpagirlout #anxietycontrol #advice
Janel Williams

Janel Williams

19 likes

One Perfume = One prompt
Use AI to turn a favorite scent into content. Your perfume shelf can be a content bank. Pick one fragrance and describe the bottle, notes, mood, or memory behind it. Then ask AI to turn it into post ideas you can actually use. This is for creators who want content that feels personal, aest
Bytes' Atelier

Bytes' Atelier

16 likes

THURSDAY | 7 MAY 2026 | Cybersecurity Remote
The world is glitching, but we’re staying tuned. From the depths of the Atlantic to the edge of the atmosphere, here’s what’s hitting the desk today: 🌊 Undersea Intercept: A sophisticated tap on North Atlantic fiber cables is siphoning raw data. London to NYC latency is spiking. The physical
Cyber F.M.

Cyber F.M.

2 likes

Oscar Esparza Hacker

Oscar Esparza Hacker

0 likes

Former NFL Star Chris Johnson Reveals ALS Diagnosis at 39 Former NFL running back and three-time Pro Bowler Chris Johnson has revealed that he has been diagnosed with Amyotrophic Lateral Sclerosis (ALS), also known as Lou Gehrig’s disease. The 39-year-old shared that one of the first symptoms
Mahya0531

Mahya0531

0 likes

THE HASHTAGS ARE FOR ATTENTION! COMMENT YOUR FAVE FLAVOR OF JUICE OR SOMETHING! #wlw #techtok #blacktechtok #fyp
Bre’ 🍉🇨🇩🇵🇸

Bre’ 🍉🇨🇩🇵🇸

2 likes

Squid Game Cookies in Sandboxels
#game #gaming #baking #squidgame #dalgona #games
R74n

R74n

87 likes

📍USB Write Protected? Fix It Instantly
Seeing “The disk is write-protected” error on your USB drive? This quick guide shows how to remove write protection and regain full access to your files. Learn how to check the physical lock switch, use DiskPart commands, repair file system errors, and fix registry issues step by step. Many cases a
XanthusTechCore

XanthusTechCore

5 likes

Day 29: 31 Days to a Safer You ‼️ Warning: 183M New and Old Passwords Just Leaked… do this ASAP‼️ Follow for more #news #technews #databreach
Cybersecurity Girl

Cybersecurity Girl

13 likes

☕️ messy notes ??
Turn your chaotic brainstorming into clear, actionable steps! This prompt helps you organize thoughts and find a gentle path forward. Copy & paste your brain dump and let AI do the heavy lifting #AIPrompts #NotionAI #OrganizedThoughts #aipromptsforbusiness
Bytes' Atelier

Bytes' Atelier

6 likes

A white card titled "Card 1: AI-Powered Morning Routine Designer" on a wooden table, next to a steaming cup of tea, an open notebook, and a succulent. The card details a use case for designing a gentle, effective, and cozy morning routine using AI.
A white card titled "Card 2: Weekly Review & Reflection with AI Insights" on a wooden table, surrounded by a succulent, a notebook, and a "COZY" mug. The card describes a use case for conducting a reflective weekly review with AI to optimize workflow.
A white card titled "Card 3: Distraction-Free Focus Space AI Setup" on a wooden table, with a steaming cup, notebook, and pen. The card outlines a use case for creating a Notion focus mode for deep work, minimizing friction and maximizing flow.
🎨 Cozy Notion AI Prompt Pack: OS Lessons
Transform your Notion workspace with this cozy prompt pack! Learn how to use Notion AI with lessons from my personal operating system for gentle productivity and effortless organization. Perfect for beginners looking to integrate AI into their daily flow. #Notion #NotionAI #Productivity #
Bytes' Atelier

Bytes' Atelier

4 likes

You Won’t Expect This
You Won’t Expect This #thenewearth #newearth #earth #multidoimensional #dimension
Smooth DoubleB

Smooth DoubleB

0 likes

China Checkmate to the US #igorkryan #chinapower #checkmate #taiwaninvasion
Igor Kryan

Igor Kryan

3 likes

#fy #fyp #fypシ゚viral #horrorgame Just tired of getting jumped😭, go subscribe to my YT channel.
dis-MALware

dis-MALware

3 likes

A person with long dark hair and a straw hat walks through a sunny public square. Overlay text reads "CYBERSECURITY CAREER Tips to get started," introducing advice for a career in cybersecurity.
A person in a white dress walks on a path next to green bushes. Overlay text advises to "Build a Strong Technical Foundation" by learning networking basics, operating systems, and scripting languages.
People walk across a street with benches and trees in the background. Overlay text suggests to "Get Hands-On Experience" through CTF competitions, cybersecurity challenges, and setting up a home lab.
Tips for pursuing a career in cybersecurity
1. Build a Strong Technical Foundation A solid understanding of systems, networks, and programming is essential for identifying and mitigating security threats. • Learn networking basics (e.g., TCP/IP, firewalls, VPNs). • Gain familiarity with operating systems (Windows, Linux)
vedha | career tips (tech) 👩‍

vedha | career tips (tech) 👩‍

137 likes

Cannot Upgrade to Windows 11? TPM 2.0 Not Enabled?
Having trouble upgrading to Windows 11 because TPM 2.0 isn’t enabled? 🤔 Don’t worry — I’ll show you how to check and enable TPM 2.0 step by step, so you can upgrade smoothly! #TechTips #windows #AskLemon8 #windows 11 #windows10
Moon Bureau

Moon Bureau

1 like

Happy Pride 🌈 Smell Gay 💋
KST is a true fragrance artist! and my clients are addicted to the Banana Milk Coffee. They have told me it's the perfect summer coffee scent. Other clients like Gay Oppa and P*ssy Power more. And I know they plan on wearing them to pride events ⭐️Overall rating: 10/10 #bananaperfumes
✨ Malware Noir ✨

✨ Malware Noir ✨

1 like

This video has been sitting in my drafts since 2025. Not because it wasn’t good, but because I waited for “perfect.” Just the same way we take the perfect picture and over staring at it, opens up the imperfections in the photo🤣🤣🤣 Today, I realized the message in this video still matters: persona
Abby❤️💎

Abby❤️💎

1 like

An illustration featuring a laptop, smartphone, tablet, and printer on a desk, with a potted plant. The image has a teal background and white text that reads "CYBER SECURITY LIFE HACKS AND CHEATCODES."
A comprehensive list of various cybersecurity job roles and career paths, categorized by areas such as Security Code Auditor, Architecture, Networking, Audit, Cloud, Offensive, Operations, Compliance, Education, Privacy, Engineering, Sales, Generalist, Threat, and Governance.
An infographic titled "SECURITY TECHNOLOGIES" illustrating nine cybersecurity concepts: Firewall, IDS, IPS, XDR, EDR, Honeypot, SIEM, DLP, and VPN, each with a cartoon child and a brief description of its function.
This could help you in the long run in cyber
#unfiltered #lemon8challenge As someone who has been in tech for now 5 year and just recently started into cybersecurity 💻 here are some like codes and hack that can help you in school and to also break into tech like myself‼️ #cybersecurity #womenintech #blackwomenintech #Lemon8 #l
Affinity B

Affinity B

235 likes

Reusable AI Prompts for Dashboards, Databases...
Notion Skills Prompt Pack for turning your ideas into reusable Notion AI workflows. Includes 5 prompt cards for dashboards, databases, workflows, projects, and content planning. Save each prompt as a Notion page, mark it as a Skill, and reuse it whenever you need a simple system. #aiprompts #ai
Bytes' Atelier

Bytes' Atelier

10 likes

watch the whole video like share and follow me
#fypシ
John Damico

John Damico

1 like

See more