TAG-150 is a sophisticated threat actor that has been deploying CastleLoader, CastleBot, and the newly identified CastleRAT since March 2025, leveraging a multi-tiered infrastructure and advanced phishing tactics.| blog.polyswarm.io
Attackers keep availing the use of Windows shortcut (.LNK) files to deliver malware. These LNK files normally used as shortcuts […]| K7 Labs
Verticals Targeted: Financial Regions Targeted: Hong Kong, United Arab Emirates, Lebanon, Malaysia, Jordan Related Families: AsyncRAT, AwesomePuppet, Gh0st RAT Executive Summary GodRAT is a RAT derived from the Gh0st RAT codebase. It was observed targeting financial institutions via malicious .scr and .pif files distributed through Skype. Leveraging steganography and additional plugins like FileManager, GodRAT facilitates credential theft and system exploration.| PolySwarm Main Blog