The Register: Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Sep 5, 2025

—

Source URL: https://www.theregister.com/2025/09/05/clickfix_castlerat_malware/
Source: The Register
Title: Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Feedly Summary: Pro tip, don’t install PowerShell commands without approval
A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique called ClickFix, which uses fake fixes and login prompts.…

AI Summary and Description: Yes

Summary: The text discusses security risks associated with the installation of PowerShell commands without proper approval, highlighting a recent development in malware known as CastleRAT, which spreads through social engineering tactics. This is particularly relevant for professionals in information security and software security, as it underlines the importance of user awareness and robust security protocols.

Detailed Description:

– The text emphasizes a critical security practice: avoiding the installation of PowerShell commands without prior approval. This is particularly relevant in enterprise environments where users may inadvertently introduce vulnerabilities.
– It introduces CastleRAT, a newly developed malware that operates in both Python and C variants, indicating the flexibility and adaptability of cyber threats.
– The malware employs a social engineering technique known as ClickFix, which tricks users into executing malicious commands. This method relies on fake fixes and login prompts to deceive users.

Key Points:
– **Social Engineering Threats**: Emphasizes the increasing complexity of cyberattacks that exploit user behavior.
– **Multilingual Malware**: The existence of CastleRAT in multiple programming languages suggests that attackers can target a broader range of systems and environments.
– **User Awareness**: Reinforces the importance of training users to recognize malicious prompts and avoid executing unknown commands.
– **Security Protocols**: Highlights the need for organizations to implement stringent controls regarding the execution of scripts and commands, particularly in unmonitored environments.

Overall, the text serves as a cautionary note for security and compliance professionals, signaling the evolving tactics of cyber adversaries and the importance of fostering a culture of vigilance against social engineering threats.

2 2025 5 a Act adaptability ads age AI All and app Aria art as at ated attack attacker attackers attacks aware awareness Behavior Bi bot by C caution CI CIA ClickFix co Col command complexity compliance compliance professionals control controls critical culture cyber cyber adversaries cyber threat cyber threats cyberattack Cyberattacks D data de development Double e Engineer engineering enterprise enterprise environments environment environments ERP execution exp exploit fixes flexibility for g Gen GIS H high Highlight HR http HTTPS in Inforce information information security installation io Iron k Key l Lance language led Li line M malicious commands malware man Monitor multi Multil multilingual N new no o of on ons OPM organization organizations oS out over pay per point Power PowerShell PowerShell commands pre pro professionals programming programming language programming languages prompt prompts protocol protocols ps Py Python Q R rate RCE re red Risk risks Ro robust security RoT RSA s sec security security and compliance security protocols security risk security risks shell commands Sig Signal size sizes SoC social social engineering social engineering tactics software software security source SSE SSO system systems T tactics target team tech ted text the threat threats to Tor TP training under US use user User Awareness user behavior Users V val version vigilance vulnerabilities Ware Wi x yt z