Fake WinDirStat & LightShot Apps Deliver Go Backconnect Proxy Malware
Fake WinDirStat & LightShot Apps Deliver Go Backconnect Proxy Malware PUBLIC RESEARCH — DEFENSIVE ANALYSIS Fake WinDirStat & LightShot Apps Deliver Go Backconnect Proxy Malware Sample SHA-256 09049e365c86e0bc6192fb1601d0fbe6bf2235f9f3e26ea1c83e26f41d041530 ASAR SHA-256 0efb10e5e2c77be36bbce5375a9e862c205b4837a951f0df62266370c75a26ed Analysis Date 2026-05-02 Analyst Static / Dynamic / Malcat MCP Threat Level Critical Table of Contents Executive Summary Public Release Notes File Overview & Metadata YARA Signature Hits Malcat Kesakode Corroboration VirusTotal Vendor Detections Related Samples & Campaign Expansion sandbox Sandbox Corroboration Independent Static Validation: REMnux MCP Attack Chain — Electron Trojan Loader Related OSINT: Fake WinDirStat Distribution C2 Infrastructure & Network Indicators Background Runtime...