Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT thehackernews.com/2025/04/p…

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT.

The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew’s targeting footprint beyond government, defence, maritime sectors, and universities.

“One notable shift in recent campaigns is the transition from using HTML Application (HTA) files to adopting Microsoft Installer (MSI) packages as a primary staging mechanism,” security researcher Sathwik Ram Prakki said.