Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
New MODBEACON RAT Leverages Encrypted C2 Traffic

New MODBEACON RAT Leverages Encrypted C2 Traffic

Posted on July 10, 2026 By CWS

The cybercrime group Silver Fox, known for its links to China, is being held responsible for a new remote access trojan (RAT) termed MODBEACON, developed using the Rust programming language. This development was disclosed by the Chinese cybersecurity firm QiAnXin, highlighting the sophisticated nature of the group’s operations.

Despite appearing as a low-grade operation, Silver Fox’s activities involve distributing malware through fake installers, utilizing SEO poisoning as a technique to spread their reach. QiAnXin points out that the group operates through a network of multiple distributors across Asia, using deceptive software installers to push variants of the Gh0st RAT and WinOS (ValleyRAT) trojan families.

MODBEACON’s Advanced Infrastructure

In mid-June 2026, a new campaign was detected, wherein a distributor used an undocumented modular RAT to target sectors such as technology, education, and state-owned enterprises. MODBEACON’s command-and-control (C2) infrastructure is strategically hosted on platforms like Amazon and Cloudflare’s Content Delivery Network (CDN).

The distributor functions as a hybrid threat actor, blending roles as a ‘cybercriminal arms dealer’ and ‘traffic broker.’ Their operations expand across Asia, focusing on daily SEO-driven fraud activities and disseminating advanced trojans. They also engage in rental of high-value access and establishing schemes targeting sectors like the Cambodian gambling industry.

Technical Architecture of MODBEACON

The campaign employs social engineering alongside custom malware and post-compromise tools to secure persistent access while avoiding detection. The malware resides in memory and acts as a remote implant, capable of loading additional modules, executing commands, and maintaining secure, encrypted communications.

QiAnXin describes the Trojan as a comprehensive C2 framework with separate loader and beacon components. The beacon utilizes a plugin-based architecture and relies on gRPC tunnel streaming for communication. Notably, it repurposes an open-source anti-censorship proxy framework’s transport layer as its C2 channel, demonstrating high engineering quality.

Impact and Future Outlook

Silver Fox’s latest campaign continues their trend of using counterfeit domains and fake installers to lure victims into downloading malicious ZIP files. The MODBEACON RAT is equipped with capabilities like host fingerprinting, in-memory plugin loading, heartbeat messaging, and scheduled task-based persistence.

The RAT’s functionalities support further information theft, lateral movement, proxy forwarding, and additional payloads. This disclosure highlights Silver Fox’s ongoing efforts to enhance their cyber arsenal, incorporating malware families like Atlas RAT, ABCDoor, RomulusLoader, and SilentRunLoader, indicating a continuous refinement of their malicious strategies.

The Hacker News Tags:C2 traffic, Cybercrime, Cybersecurity, gRPC, MODBEACON, QiAnXin, RAT, Rust-based malware, SEO poisoning, Silver Fox

Post navigation

Previous Post: CitrixBleed 2: Swift Path to Ransomware Threat
Next Post: Okta Alerts on Vishing Threat to Microsoft 365 Users

Related Posts

How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents The Hacker News
Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page The Hacker News
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware The Hacker News
Microsoft Defender Zero-Day Vulnerability Exposes System Access Microsoft Defender Zero-Day Vulnerability Exposes System Access The Hacker News
EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware The Hacker News
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Linux FUSE Flaw Allows Root Access
  • Laser Pulse Vulnerability in Tangem Wallets Exposes Security Risks
  • Critical GNU Guix Vulnerabilities Permit Remote Attacks
  • DHS Database Breach and Adobe’s Security Enhancements
  • WhatsApp-to-Host Attack via OpenClaw Flaws Detailed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Linux FUSE Flaw Allows Root Access
  • Laser Pulse Vulnerability in Tangem Wallets Exposes Security Risks
  • Critical GNU Guix Vulnerabilities Permit Remote Attacks
  • DHS Database Breach and Adobe’s Security Enhancements
  • WhatsApp-to-Host Attack via OpenClaw Flaws Detailed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark