Cybersecurity

UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery

1m read6 views0 listens

The article "UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery" discusses a sophisticated malware campaign that leverages legitimate Windows tools, such as bitsadmin, to deliver malicious payloads. Here are the key points:

Overview of the Campaign

Malware Name: UAC-0184
Initial Vector: Malicious HTA (HTML Application) files disguised as PDFs, Word documents, or Excel files.
Delivery Mechanism: Uses bitsadmin to download and execute malicious payloads.

Technical Details of the Attack

Initial Infection Vector:

The attackers use social engineering tactics to trick users into downloading malicious HTA files that appear legitimate (e.g., as PDFs, Word documents, or Excel files).
Once executed, these HTA files download additional components using bitsadmin.

Payload Delivery:

BITSAdmin: A Windows utility used for background file transfers. The attackers use this tool to download and execute malicious payloads in the background without user interaction.
Stage 1: Download of an initial payload ZIP archive from a C2 server.
Stage 2: Extraction and execution of components within the

Read the full article at Cyber Security News

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

The housing market is increasingly rewarding functionality over scarcity

The housing market is shifting from rewarding scarcity to valuing functionality, with mortgage rates influencing how markets adapt. This change highlights the importance of transaction efficiency over inventory levels alone, impacting how developers ...

Ali Nemati

Cybersecurity9 hours ago32 sec read

Microsoft Python Client DurableTask Compromised by TeamPCP Hackers

Security researchers disclosed that versions v1.4.1, v1.4.2, and v1.4.3 of Microsoft's official Python client for the Durable Task workflow execution framework were compromised with a credential-stealing worm by the TeamPCP threat group. This inciden...

Ali Nemati

Cybersecurity18 hours ago27 sec read

GitHub Source Code Breach - TeamPCP Claims Access to 4,000 Repositories

A threat actor known as TeamPCP claims to have stolen source code from approximately 4,000 private GitHub repositories, offering it for sale on the dark web. This incident highlights significant supply chain risks for developers, as TeamPCP has a his...

Ali Nemati

Cybersecurity20 hours ago30 sec read

The Gentlemen Strike E-Control Systems with Ransomware Attack

The ransomware group The Gentlemen claimed responsibility for a cyberattack against E-Control Systems on May 18, 2026, threatening to leak sensitive data unless negotiations begin. This breach of a California-based IoT leader underscores the critical...

Ali Nemati

Gaming23 hours ago31 sec read

Get a 48V 500W Adult Electric Scooter With 22-Mile Range and a Top Speed of 22mph for $165

The AOVOPRO TMAX electric scooter has reached a $165 price point, delivering a 500W brushless motor and 22-mile range via domestic US distribution. This aggressive pricing for high-performance mobility hardware signals a significant shift in the elec...

Ali Nemati

UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery

Overview of the Campaign

Technical Details of the Attack

Initial Infection Vector:

Payload Delivery:

Related Articles

The housing market is increasingly rewarding functionality over scarcity

Microsoft Python Client DurableTask Compromised by TeamPCP Hackers

GitHub Source Code Breach - TeamPCP Claims Access to 4,000 Repositories

The Gentlemen Strike E-Control Systems with Ransomware Attack

Get a 48V 500W Adult Electric Scooter With 22-Mile Range and a Top Speed of 22mph for $165