Malware Madness: DslogdRAT Strikes Ivanti Connect Secure Users!

A new foe named DslogdRAT has emerged, exploiting a zero-day in Ivanti Connect Secure. JPCERT warns this malware and its web shell sidekick are sneaking into Japanese networks, working like clockwork from 8 to 8 to avoid detection. Remember, folks, it’s not just the early bird that catches the worm—it’s also the well-timed hacker!

Hot Take:

DslogdRAT is the malware equivalent of a stealthy office worker who only shows up from 8 to 8, blending in perfectly with the corporate crowd while wreaking havoc behind the scenes. And let’s not forget about the zero-day exploit in Ivanti Connect Secure—because who doesn’t love a good buffer overflow that turns your IT department into a circus?

Key Points:

– New malware, DslogdRAT, exploits a zero-day vulnerability in Ivanti Connect Secure.
– Vulnerability CVE-2025-0282 has a CVSS score of 9.0, indicating severe risk.
– Attackers use Perl-based CGI web shells to execute commands and run DslogdRAT.
– DslogdRAT uses XOR encoding for C2 communication, operating only during business hours.
– APT group Silk Typhoon is exploiting this vulnerability, targeting IT supply chains.

The Nimble Nerd