Silver Fox, a China-linked cybercrime organization, has introduced MODBEACON, a sophisticated Rust-based remote access trojan (RAT). This group operates through a hybrid model, acting as both an "arms dealer" and a "traffic broker," utilizing SEO poisoning and counterfeit software installers to compromise targets across Asia, particularly within the education, technology, and state-owned sectors.
MODBEACON distinguishes itself through high-quality engineering, featuring a modular, plugin-based architecture and memory-resident capabilities. It employs advanced evasion techniques, including the reuse of transport layers from the open-source anti-censorship proxy framework V2Ray for its C2 communication via gRPC. Its core functions include host fingerprinting, persistence via scheduled tasks, and the ability to load additional payloads for lateral movement and data exfiltration.
Top comments (0)