In May 2025, a U.S. accounting firm fell victim to a stealthy cyberattack that used a convincing disguise: a fake new client requesting urgent help through a PDF. Hidden within the file was a ZIP archive containing malware protected by a tool called Ghost Crypt, designed to slip past antivirus defenses. Once opened, the malware quietly installed PureRAT, a remote access trojan capable of stealing sensitive information, including data from crypto wallets and desktop apps. The attackers used clever techniques like sideloading, memory injection, and encrypted communications to stay hidden and maintain control. The incident highlights how attackers are combining social engineering with advanced malware to target businesses with valuable data.