CastleLoader malware infects systems using fake GitHub pages and phishing campaigns

CastleLoader malware has hijacked systems by imitating developer tools and luring victims through phishing sites. It spreads using PowerShell, installs RATs and stealers, and has infected at least 469 systems.
The malware abuses trusted names like GitHub to trick developers into running malicious code. Experts warn that PowerShell-based attacks are harder to detect and often bypass traditional defenses.
Ongoing concerns include rising malware threats exploiting software development ecosystems. Stronger protections and user awareness are essential to limit future infections.

Full Story

A new malware strain called CastleLoader has infected 469 systems using deceptive developer tools and phishing schemes. It reportedly spreads Remote Access Trojans (RATs) and information-stealing software.

According to cybersecurity experts, CastleLoader mimics trusted GitHub repositories and uses PowerShell to execute its code. The malware has proven to be stealthy and adaptable in its spread.

Left 29% | Right 24% | Center 35% | Unrated 12%

The Context

CastleLoader uses social engineering tactics, drawing users to fake developer tools through fraudulent websites. These methods increase the chance of infiltration without raising immediate red flags.

Remote Access Trojans allow attackers to control infected systems remotely, often without detection. Stealers are designed to extract passwords, credentials, and other sensitive data from the host system.

CastleLoader’s use of PowerShell enables it to bypass many traditional antivirus programs. The reliance on trusted software names makes the attack especially deceptive.

Malware campaigns like this often exploit user trust in well-known platforms such as GitHub. By hijacking developer workflows, attackers gain access to valuable systems and networks.

While 469 confirmed infections have been reported, the actual number could be higher due to delayed detection. Victims may include individuals and businesses who downloaded malicious files unknowingly.

Cybersecurity professionals urge increased vigilance when downloading tools from unofficial sources. Protecting systems requires strict verification protocols and awareness of phishing tactics.


Coverage Details
Total News Sources: 17
Left: 5
Right: 4
Center: 6
Unrated: 2
Bias Distribution: 35% Center
Bias Distribution

CastleLoader malware highlights need for stronger cybersecurity regulations to protect users.

Malware surge blamed on lax tech oversight, urging individual vigilance over government fixes.

CastleLoader threat underscores rising cyber risks, with calls for balanced security measures.

New malware wave via GitHub fakes prompts cybersecurity concerns.