Cyber Security News

New Malware ‘Desert Dexter’ Hits Over 900 Victims Worldwide

A newly discovered malicious campaign dubbed “Desert Dexter” has infected approximately 900 victims across multiple countries, primarily in the Middle East and North Africa.

The Positive Technologies Expert Security Center (PT ESC) uncovered the operation, which has been active since September 2024.

The threat actors behind Desert Dexter employ a multi-stage attack chain that leverages social media platforms, legitimate file-sharing services, and geopolitical lures to distribute a modified version of the AsyncRAT malware.

The campaign’s sophistication lies in its use of Facebook* advertisements and Telegram channels masquerading as reputable news agencies to disseminate malicious content.

Desert DexteDesert Dexte
Map of detected ad posts

Innovative Tactics and Technical Details

The initial infection vector involves enticing victims to download RAR archives containing malicious scripts from either files.fm or specially created Telegram channels.

Desert DexteDesert Dexte
Message containing a malicious archive in a Telegram channel

These scripts, written in various languages including JavaScript, batch, and PowerShell, work in concert to execute the final payload a customized AsyncRAT variant.

This modified AsyncRAT incorporates several notable features:

  1. A custom reflective loader written in C# for injecting the malware into legitimate Windows processes.
  2. An offline keylogger that logs keystrokes and active process names to a temporary file.
  3. An enhanced IdSender module capable of detecting cryptocurrency wallet extensions and applications.

The malware establishes persistence by manipulating Windows registry run keys and employs DDNS domains resolving to VPN service IP addresses for command and control communication.

Geopolitical Context and Victim Profile

According tot the Report, Desert Dexter’s campaign exploits the volatile political climate in the targeted regions, using alleged leaks of confidential data as bait.

The majority of victims appear to be ordinary users, though some infections have been detected in critical sectors such as oil production, construction, and information technology.

The threat actors’ focus on cryptocurrency-related data suggests financial motivation, although the true extent of their objectives remains unclear.

As geopolitical tensions continue to fuel cyber operations in the Middle East and North Africa, Desert Dexter serves as a stark reminder of the evolving threat landscape in these regions.

Security researchers continue to monitor Desert Dexter’s activities, emphasizing the need for heightened cybersecurity awareness and robust defense measures against such sophisticated social engineering tactics and malware deployment strategies.

Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

23 minutes ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

26 minutes ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

30 minutes ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

33 minutes ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

4 hours ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

5 hours ago