Curly COMrades: The Sneaky Hackers Making Virtual Machines Cool Again (For All the Wrong Reasons)
Curly COMrades, the digital mischief-makers, have embraced virtualization to dodge security like pros. They’re using Hyper-V to run a sneaky lightweight Alpine Linux VM. Their secret weapons? CurlyShell and CurlCat – malware siblings that are like the Laurel and Hardy of cyber trickery, executing commands and tunneling traffic with comedic precision.

Hot Take:
In a dazzling display of cunning and virtual acrobatics, the Curly COMrades are proving that they can dance circles around traditional security systems. By setting up shop in a virtual environment, they’re the cybersecurity equivalent of a magician pulling a bunny out of a hat – except the bunny is a reverse shell, and the hat is a Hyper-V virtual machine. Move over Houdini, there’s a new act in town!
Key Points:
- Curly COMrades are exploiting virtualization to bypass security and execute custom malware.
- They use Hyper-V to deploy a minimalistic, Alpine Linux-based virtual machine.
- Their toolkit also includes CurlCat, RuRat, Mimikatz, and MucorAgent.
- They’ve been active since late 2023, targeting regions like Georgia and Moldova.
- CurlyShell and CurlCat are central to their activities, executing commands and tunneling data.
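A defender's first check for the hidden-VM tradecraft described above, as an added PowerShell example that is not from the original post or the group's own tooling. It assumes the Hyper-V PowerShell module is present on the host being examined and that the script runs elevated.

```powershell
# Added example: inventory Hyper-V guests on a Windows endpoint where
# virtualization is not expected, so an unsanctioned lightweight Linux VM
# (the pattern reported above) stands out. Run elevated on the host.

# 1. Is the Hyper-V feature enabled at all? On a workstation fleet that
#    does not use it, an enabled state is itself worth a ticket.
$feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All
if ($feature.State -ne 'Enabled') {
    Write-Output "Hyper-V is not enabled on $env:COMPUTERNAME"
    return
}
Write-Warning "Hyper-V is enabled on $env:COMPUTERNAME - reviewing guests"

# 2. List every guest with its disk image and size. A tiny VHD created
#    recently, with a name nobody recognises, is the thing to chase.
Get-VM | ForEach-Object {
    $vm = $_
    Get-VMHardDiskDrive -VMName $vm.Name | ForEach-Object {
        $vhd = Get-VHD -Path $_.Path
        [pscustomobject]@{
            VM         = $vm.Name
            State      = $vm.State
            Generation = $vm.Generation
            Created    = $vm.CreationTime
            DiskPath   = $_.Path
            DiskMB     = [math]::Round($vhd.FileSize / 1MB)
        }
    }
} | Sort-Object Created | Format-Table -AutoSize

# 3. Which guests have a network path out? Tunnelled traffic from a guest
#    looks like host traffic to most sensors, so note the attached switches.
Get-VMNetworkAdapter -VMName * |
    Select-Object VMName, SwitchName, MacAddress, IPAddresses |
    Format-Table -AutoSize
```

Treat the output as a hunting lead, not a verdict: confirm each unfamiliar guest against your change records before acting on it.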
