PureRAT: Attacker Now Using AI to Build Toolset

ID: 07345ef1-74c5-5b03-ac15-f15f9c5cdf10

STIX ID: report--07345ef1-74c5-5b03-ac15-f15f9c5cdf10

Feed Name: security.com

Threat Score: 75/100

Date Published: 2026-01-28

Date Updated: 2026-04-29

Author: Threat Hunter Team

This Symantec analysis describes an active phishing campaign attributed to a likely Vietnamese cybercriminal actor that uses AI-assisted tooling to develop scripts and payloads. Lures impersonate job offers and deliver PureRAT, HVNC and other malware via malicious ZIP/RAR attachments or cloud-hosted downloads, often employing executable/DLL sideloading and persistent Python-based loaders. The report includes multiple commented code samples (batch and Python), infrastructure and hosting domains/IPs, numerous file hashes, and recommended mitigations and detections, and notes that the actor may be selling access to compromised networks.