DarkCloud Uses Fileless Techniques Turning into a Nightmare for Windows

Amber | Attack Report

DarkCloud, a Windows-based information stealer first detected in 2022, resurfaced in 2025 with new delivery and obfuscation tactics, including ConfuserEx-protected files and a VB6 payload. Spread mainly via phishing emails with malicious RAR attachments, it uses JavaScript and PowerShell to deploy a fileless .NET DLL, gain persistence, and inject its payload into MSBuild.exe, stealing browser credentials and payment data for exfiltration via FTP or SMTP.
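
Detection logic for the chain described above, added here as an example and not taken from the advisory or from HivePro: it flags a script host spawning PowerShell, MSBuild.exe started without a project file, and MSBuild.exe connecting to FTP or SMTP ports. The Sysmon-style field names, the wscript.exe/cscript.exe script hosts, the port list and every sample event are assumptions constructed for illustration.

```python
# Constructed Sysmon-style events (id 1 = process create, id 3 = network connect).
# Field names, paths, hosts and addresses are assumptions made for this example.
EVENTS = [
    {"id": 1, "host": "ws01", "pid": 410, "image": "wscript.exe", "parent": "explorer.exe",
     "cmd": r'wscript.exe "C:\Users\a\AppData\Local\Temp\invoice.js"'},
    {"id": 1, "host": "ws01", "pid": 522, "image": "powershell.exe", "parent": "wscript.exe",
     "cmd": "powershell.exe -NoProfile -Command <elided>"},
    {"id": 1, "host": "ws01", "pid": 640, "image": "MSBuild.exe", "parent": "powershell.exe",
     "cmd": "MSBuild.exe"},
    {"id": 3, "host": "ws01", "pid": 640, "image": "MSBuild.exe", "dst": "203.0.113.7", "port": 587},
    # Benign developer build for contrast: project file on the command line, HTTPS only.
    {"id": 1, "host": "dev02", "pid": 77, "image": "MSBuild.exe", "parent": "devenv.exe",
     "cmd": "MSBuild.exe app.csproj /t:Build"},
    {"id": 3, "host": "dev02", "pid": 77, "image": "MSBuild.exe", "dst": "198.51.100.9", "port": 443},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # assumed JavaScript launchers
MAIL_FTP_PORTS = {21, 25, 465, 587}             # FTP and common SMTP ports
PROJECT_EXT = (".csproj", ".vbproj", ".sln", ".proj", ".targets", ".xml")

def detect(events):
    """Return (host, rule) findings for the stages the advisory describes."""
    findings = []
    for e in events:
        image = e["image"].lower()
        if e["id"] == 1:
            parent, cmd = e["parent"].lower(), e["cmd"].lower()
            # Stage 1: JavaScript dropper handing off to PowerShell.
            if image == "powershell.exe" and parent in SCRIPT_HOSTS:
                findings.append((e["host"], "script_host_spawned_powershell"))
            # Stage 2: MSBuild used as an injection host has nothing to build.
            if image == "msbuild.exe" and not any(x in cmd for x in PROJECT_EXT):
                findings.append((e["host"], "msbuild_without_project_file"))
        # Stage 3: a build tool has no reason to speak FTP or SMTP.
        elif e["id"] == 3 and image == "msbuild.exe" and e["port"] in MAIL_FTP_PORTS:
            findings.append((e["host"], "msbuild_ftp_or_smtp_connection"))
    return findings

def hosts_to_triage(events, min_rules=2):
    """Hosts where at least min_rules distinct rules fired."""
    by_host = {}
    for host, rule in detect(events):
        by_host.setdefault(host, set()).add(rule)
    return sorted(h for h, rules in by_host.items() if len(rules) >= min_rules)
```

Requiring two or more distinct rules per host keeps a single noisy signal, such as an administrator launching PowerShell from a script, from raising an alert on its own.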
