Phishing Campaign Uses Maduro Arrest Story to Deliver Backdoor Malware

Marcus Rodriguez
January 10, 2026
Cybercriminals are exploiting the recent arrest of Venezuelan President Nicolás Maduro to distribute sophisticated backdoor malware.

The threat actors exploited news surrounding Maduro’s arrest on January 3, 2025, demonstrating how geopolitical events continue to serve as effective lures for malicious campaigns.

The attack likely begins with a spear-phishing email containing a zip archive named “US now deciding what’s next for Venezuela.zip”.

Inside, victims find an executable file titled “Maduro to be taken to New York.exe” alongside a malicious dynamic-link library called “kugou.dll”.

Figure: DLL called with LoadLibraryW

The executable is a legitimate KuGou binary, but it has been weaponized via DLL hijacking so that it loads the malicious library instead of the genuine one, according to Darktrace security researchers.

Malware Behavior

Once executed, the malware creates a directory at C:\ProgramData\Technology360NB and copies itself there, renaming the files.

Figure: Folder “Technology360NB” created

It establishes persistence by adding a registry value at “HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Lite360”, which causes the copied file to run automatically at user logon.

The malware then displays a dialog box prompting users to restart their computer, which triggers the malicious payload.

Figure: Message box prompting user to restart

After the system restarts, the malware initiates regular encrypted connections to a command-and-control server at 172.81.60[.]97 on port 443.

These periodic connections enable the malware to receive instructions and configurations from the attackers.

The campaign shares similarities with previous operations by Mustang Panda, a Chinese threat group known for exploiting current events such as the Ukraine war, Tibet-related conventions, and Taiwan-related topics.

However, researchers note that there is insufficient evidence to attribute this activity to any specific group definitively.

This incident highlights the ongoing threat of geopolitical-themed phishing campaigns.

Organizations and individuals should exercise extreme caution when opening email attachments, especially those referencing breaking news or world events.

Indicators of Compromise (IoCs)

  • 172.81.60[.]97 – command-and-control server (port 443)
  • 8f81ce8ca6cdbc7d7eb10f4da5f470c6 – US now deciding what’s next for Venezuela.zip
  • 722bcd4b14aac3395f8a073050b9a578 – Maduro to be taken to New York.exe
  • aea6f6edbbbb0ab0f22568dcb503d731 – kugou.dll
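An added detection example, not code from the article or from Darktrace: a small Python matcher that applies the indicators above (C2 address, Run value, drop directory, file hashes, and the kugou.dll sideload) to constructed Sysmon-style events. The event field names and the assumption that a legitimate KuGou install loads kugou.dll from under Program Files are my own, not the article's.

```python
from typing import Optional

# Indicators quoted from the article above; everything else here is constructed.
C2_IP = "172.81.60.97"          # defanged in the article as 172.81.60[.]97
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Lite360"
DROP_DIR = r"C:\ProgramData\Technology360NB"
KNOWN_MD5 = {
    "8f81ce8ca6cdbc7d7eb10f4da5f470c6",  # the .zip lure
    "722bcd4b14aac3395f8a073050b9a578",  # the renamed KuGou .exe
    "aea6f6edbbbb0ab0f22568dcb503d731",  # kugou.dll
}
# Assumption: a legitimate KuGou install loads kugou.dll from under Program Files.
LEGIT_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

def classify(event: dict) -> Optional[str]:
    """Map one Sysmon-style event (a plain dict) to a detection name, or None."""
    kind = event.get("type")
    if kind == "image_load":
        image = event.get("image", "").lower()
        # Sideload: kugou.dll loaded from anywhere other than its install directory.
        if image.endswith("\\kugou.dll") and not image.startswith(LEGIT_PREFIXES):
            return "dll_sideload_kugou"
    elif kind == "file_hash" and event.get("md5", "").lower() in KNOWN_MD5:
        return "known_sample_hash"
    elif kind == "file_create" and event.get("path", "").lower().startswith(DROP_DIR.lower()):
        return "drop_dir_technology360nb"
    elif kind == "registry_set" and event.get("key", "").lower() == RUN_KEY.lower():
        return "run_key_lite360"
    elif kind == "network" and event.get("dst_ip") == C2_IP and event.get("dst_port") == 443:
        return "c2_beacon"
    return None

def scan(events) -> list:
    """Return (event id, detection) pairs for every event that matches an indicator."""
    return [(e["id"], hit) for e in events if (hit := classify(e))]

# Constructed sample telemetry: the chain from the article plus two benign events.
SAMPLE_EVENTS = [
    {"id": 1, "type": "image_load", "image": r"C:\Users\alice\Downloads\kugou.dll"},
    {"id": 2, "type": "image_load", "image": r"C:\Program Files\KuGou\kugou.dll"},
    {"id": 3, "type": "file_create", "path": r"C:\ProgramData\Technology360NB\renamed.exe"},
    {"id": 4, "type": "registry_set", "key": RUN_KEY},
    {"id": 5, "type": "network", "dst_ip": C2_IP, "dst_port": 443},
    {"id": 6, "type": "network", "dst_ip": "10.0.0.5", "dst_port": 443},
    {"id": 7, "type": "file_hash", "md5": "722BCD4B14AAC3395F8A073050B9A578"},
]

if __name__ == "__main__":
    for event_id, hit in scan(SAMPLE_EVENTS):
        print(f"event {event_id}: {hit}")
```

Hash and registry comparisons are case-insensitive because Windows paths and MD5 strings are commonly logged in mixed case.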
