Surge in Credential Theft and Remote Access: The Rise of AllaKore, PureRAT, and Hijack Loader
TL;DR
- Mexican organizations are under sustained attack from threat actors deploying modified versions of AllaKore RAT and SystemBC.
- The financially motivated hacking group Greedy Sponge is believed to be behind these extensive campaigns targeting various sectors.
Introduction
Mexican organizations continue to be targeted by threat actors deploying a modified version of AllaKore RAT (Remote Access Trojan) and SystemBC. This ongoing campaign, attributed to the financially motivated hacking group Greedy Sponge, has been active since early 2021. The group indiscriminately targets a wide range of sectors, including retail and others, highlighting the urgent need for enhanced cybersecurity measures [1].
Key Findings
- AllaKore RAT: This Remote Access Trojan allows attackers to gain unauthorized access to and control over infected systems. The modified version being used in these attacks includes enhanced capabilities for evading detection.
- SystemBC: This malware functions as a backdoor, enabling persistent access to compromised networks. When combined with AllaKore RAT, it creates a formidable threat to organizational security.
Industries Affected
The campaign targets various sectors, including:
- Retail: High-value targets for financial gain.
- Other Sectors: The indiscriminate nature of the attacks suggests a broad approach to maximize potential gains.
Conclusion
The sustained and evolving nature of these attacks underscores the importance of robust cybersecurity measures. Organizations must remain vigilant and proactive in their defense strategies to mitigate the risks posed by threat actors like Greedy Sponge.
For further insights, see the reference below.
References
1. The Hacker News (2025). "Credential Theft and Remote Access Surge". The Hacker News. Retrieved 2025-07-22.