Empowering the world’s largest organizations to manage and protect their mission-critical networks.

Whole new malware framework advertised across the web

Cisco Talos researchers have discovered a dangerous new malware framework called PS1Bot. Active since early 2025, this sophisticated…

Cybersecurity researchers have discovered a new malvertising campaign designed to infect victims with a modular malware framework called PS1Bot. This campaign leverages malicious advertisements to deliver PS1Bot, which is engineered with a modular architecture to perform various malicious activities. PS1Bot's modular design allows it to execute multiple malicious functions, including data theft, keystroke logging, reconnaissance, and establishing persistence on infected systems. The use of malvertising in this campaign is significant as it exploits the trust users place in online advertisements, making it an effective method for malware distribution. The modular nature of PS1Bot enables attackers to dynamically update its capabilities, making it a versatile and persistent threat. Once infected, PS1Bot can download additional modules to adapt to different environments and evade detection. Its ability to establish persistence ensures that it remains on the infected system, even after reboots or attempts to remove it. The impact of this campaign on the cybersecurity landscape is notable due to the challenges posed by modular malware frameworks. These frameworks are difficult to defend against because of their adaptability and the complexity in detecting all possible modules. Organizations should consider adopting a multi-layered defense strategy that includes real-time monitoring, endpoint detection and response (EDR) solutions, and regular security updates to mitigate such threats. Expert insights highlight the need for advanced threat detection and response capabilities to combat evolving threats like PS1Bot. Cybersecurity professionals should enhance their threat intelligence and share indicators of compromise (IOCs) to stay ahead of such threats. Additionally, educating users about the risks of malvertising and the importance of avoiding suspicious ads is crucial.

Eyal Estrin unread, 10:54 AM (13 minutes ago)    to https://blog.talosintelligence.com/ps1bot-malvertising-campaign/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https://security-24-7.com | Books: https://amzn.to/42Xai9A | https://amzn.to/3Sggbtv Twitter: @eyalestrin | Bluesky: @eyalestrin.bsky.social

Cisco Talos researchers have uncovered a new, sophisticated malware framework named PS1Bot, active since early 2025. This PowerShell-based malware is distributed through malvertising attacks, which often exploit vulnerabilities in browsers or plugins to deliver malware without user interaction. PS1Bot is designed to steal cryptocurrencies by targeting users' crypto wallets and compromising sensitive information. The primary impact of this malware is financial loss due to the theft of cryptocurrencies, posing a significant threat to users' financial security. The use of PowerShell by PS1Bot is particularly concerning as it is a legitimate administrative tool present in Windows environments, making it harder to detect malicious activities. Malvertising as an attack vector highlights the ongoing challenge of malicious ads in online spaces, where even reputable websites can inadvertently serve malicious ads. The malware's focus on cryptocurrency wallets underscores the increasing value and attractiveness of digital currencies to cybercriminals. This trend suggests that attackers are investing in more advanced and targeted tools to exploit the growing cryptocurrency market. For cybersecurity professionals, the emergence of PS1Bot emphasizes the need for robust defenses against malvertising and advanced malware. This includes deploying ad-blocking solutions, educating users about the risks of clicking on ads, and implementing advanced endpoint detection and response (EDR) solutions capable of monitoring PowerShell activity. Moreover, organizations should ensure their web filtering solutions are up-to-date to block known malicious domains. Regular security awareness training for users can also help mitigate the risk of falling victim to such attacks. In conclusion, PS1Bot represents a significant threat to cryptocurrency users and highlights the evolving tactics of cybercriminals. Cybersecurity professionals must stay vigilant and proactive in their defense strategies to protect against such advanced malware threats. The use of living-off-the-land techniques by malware like PS1Bot underscores the importance of behavioral analysis and anomaly detection in modern cybersecurity defenses.

PS1Bot malware targets Windows via malvertising, using PowerShell+C# for stealthy info theft, modular design, and in-memory execution.

Cisco Talos researchers have uncovered PS1Bot, a malware framework spreading like gossip at a family reunion. Since early 2025, it's been stealing cryptocurrency wallets, passwords, and more through malvertising. This sneaky software uses in-memory execution, making it tough to catch, and is constantly evolving like your aunt's potato salad recipe.

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Introduction Cybersecurity experts are sounding the alarm as a sophisticated malware campaign, active throughout 2025, continues to exploit unsuspecting users through malvertising and SEO poisoning. This campaign leverages a PowerShell-based framework named PS1Bot, capable of stealthy and highly modular operations. Unlike conventional malware, PS1Bot is designed for persistence, adaptability, and extensive data theft, making it a growing threat for individuals, businesses, and cryptocurrency users alike.

Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system

PS1Bot malvertising campaign uses in-memory PowerShell attacks since early 2025, enabling stealth data theft.

A Rising Threat in the Digital Shadows A new cyber weapon is making headlines in 2025, and it is far more dangerous than the average malware. Cisco Talos has uncovered a highly advanced campaign using a malicious framework called PS1Bot, targeting Windows systems globally. Unlike common info-stealers, this PowerShell and C hybrid is designed for financial espionage, zeroing in on cryptocurrency wallets, sensitive financial data, and personal information.

The PS1Bot malware campaign is hitting 2025 like a cybersecurity sitcom, using malvertising to deliver a PowerShell-based framework. This digital mischief-maker excels in stealing sensitive info, keylogging, and screen capturing, all while maintaining persistence. It's like the Swiss Army knife of malware, evolving faster than your favorite TV series!

An ongoing malware campaign has been observed using malvertising to deliver PS1Bot, a PowerShell-based framework