BGD e-GOV CIRT has identified a cyber-attack campaign using AsyncRAT (Asynchronous Remote Access Trojan) aimed at Bangladesh. Threat analysis shows that the website ck44jili[.]com is a main command-and-control (C2) center for the AsyncRAT malware.

The campaign combines malware, remote access, and financial fraud. Attackers disguise malicious files as legitimate software and run fake online gambling sites aimed at users in Bangladesh.
Of particular concern, the malicious infrastructure appears designed to socially engineer Bangladesh-based victims through localized payment mechanisms including bKash, Nagad, and Rocket, increasing the likelihood of successful financial fraud and malware infection.
The analysis shows that the malware masquerades as a WinRAR program (winrar-x64.exe) but is actually AsyncRAT v0.5.8, which allows complete remote control of infected computers.

Threat actors appear to leverage Bangladesh-specific payment channels, increasing victim trust and improving fraud success rates. The campaign targets banking & fintech, telecom, e-commerce, government users and enterprise employees.


CIRT identified the following IP addresses related to the campaign: 172.67.211.32, 23.195.81.33, 23.195.81.41, 23.195.81.9, 52.111.243.31 and 2600:4700:3031::ac43:d320.

CIRT advises that organizations must act quickly against AsyncRAT infections. They should block the malicious domains and suspicious ports, isolate infected systems, and preserve evidence for investigation. Security measures should include scanning devices for signs of AsyncRAT, removing malicious scheduled tasks, resetting compromised passwords, and checking startup entries for unauthorized changes. Network defenses should also be strengthened by limiting outgoing traffic to unknown ports, using DNS filtering, reviewing proxy and network logs for unusual activity, and blocking known malicious servers.
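One way to run the proxy, DNS and network log check recommended above against the indicators listed in this article, as an added example that is not CIRT's own tooling. The function names and the sample log lines are assumptions constructed for illustration; only the domain and IP addresses come from the article.

```python
import ipaddress
import re

# Indicators copied from the article above (domain left defanged, as published).
IOC_DOMAINS = ["ck44jili[.]com"]
IOC_IPS = ["172.67.211.32", "23.195.81.33", "23.195.81.41", "23.195.81.9",
           "52.111.243.31", "2600:4700:3031::ac43:d320"]
DOMAINS = {d.replace("[.]", ".").lower() for d in IOC_DOMAINS}
ADDRESSES = {ipaddress.ip_address(a) for a in IOC_IPS}
TOKEN = re.compile(r"[0-9A-Za-z:.\-]+")  # hostnames, IPv4/IPv6 literals, host:port

def classify(token):
    """Return ("ip"|"domain", indicator) if the token matches an IoC, else None."""
    token = token.lower()
    candidates = [token]
    if token.count(":") == 1:            # host:port or IPv4:port
        candidates.append(token.split(":")[0])
    for cand in candidates:
        try:
            # Parsing normalises the address, so expanded or upper-case IPv6
            # forms match, and 23.195.81.91 does not match 23.195.81.9.
            addr = ipaddress.ip_address(cand)
        except ValueError:
            host = cand.rstrip(".")      # drop the trailing dot of an FQDN
            for d in DOMAINS:
                # Exact name or a subdomain; "notck44jili.com" must not match.
                if host == d or host.endswith("." + d):
                    return ("domain", d)
        else:
            if addr in ADDRESSES:
                return ("ip", str(addr))
    return None

def sweep(lines):
    """Return (line_number, kind, indicator) for every IoC hit in the log lines."""
    return [(n, *hit) for n, line in enumerate(lines, 1)
            for hit in map(classify, TOKEN.findall(line)) if hit]

# Constructed sample lines (proxy, DNS and flow style); not taken from the article.
SAMPLE_LOG = [
    "2025-01-01T10:00:01 10.0.0.5 CONNECT ck44jili.com:443 200",
    "2025-01-01T10:00:02 10.0.0.7 query A cdn.CK44JILI.com.",
    "2025-01-01T10:00:03 10.0.0.8 TCP 10.0.0.8:50122 -> 23.195.81.9:443",
    "2025-01-01T10:00:04 10.0.0.9 TCP6 dst=2600:4700:3031:0:0:0:AC43:D320",
    "2025-01-01T10:00:05 10.0.0.9 query A notck44jili.com via 23.195.81.91",
]
```

Calling `sweep(SAMPLE_LOG)` flags lines 1 to 4 and leaves the look-alike values on line 5 alone. An IP-only hit is a lead to triage alongside domain and host evidence, since a single address can serve more than one site.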
