Latest CastleRAT news

CastleRAT abuses Deno runtime for fileless delivery in ransomware-linked ClickFix chain

by Artem Safonov March 17, 2026

A five-stage chain uses ClickFix social engineering and the Deno JavaScript runtime to load CastleRAT entirely in memory. ThreatDown calls it the first Deno abuse in malware. Velvet Tempest already deployed CastleRAT in a 12-day ransomware staging operation.

Menu

Latest CastleRAT news

CastleRAT abuses Deno runtime for fileless delivery in ransomware-linked ClickFix chain

Latest News

Editor's Choice

Menu

Latest CastleRAT news

CastleRAT abuses Deno runtime for fileless delivery in ransomware-linked ClickFix chain

Latest News

Editor's Choice

Stay informed on cybersecurity