Introduction This diary provides indicators from an unidentified RAT infection on Wednesday 2026-05-27 that was followed by a malicious NetSupport Manager RAT package. This originated from the SmartApeSG ClickFix campaign. I still don’t know the name of the initial RAT, but it has consistently been generating encoded (not HTTPS/SSL/TLS) traffic to a command and control…
Tag: indicators
AI, Apps, Global Security News
AppOmni launches Marlin AI for autonomous SaaS security alert investigation
Marlin AI operates within the AppOmni platform, continuously analyzing security indicators across business-critical applications.
Global Security News
Understanding Trend Structure: Higher Highs and Lower Lows Explained
Before indicators, before oscillators, before anything that requires a formula – the market communicates through price structure. Peaks…
AI, Global Security News, malware
Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
Introduction This diary provides indicators from a Lumma Stealer infection that was followed by Sectop RAT (ArechClient2). I searched for cracked versions of popular copyright-protected software, and I downloaded the initial malware after following the results of one such search. This is a common distribution technique for various families of malware, and I often find…
AI, Global Security News, malware, Network Security
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
Introduction This diary provides indicators from the SmartApeSG (ZPHP, HANEYMANEY) campaign I saw on Tuesday, 2026-03-24. SmartApeSG is one of many campaigns that use the ClickFix technique. This past week, I’ve seen NetSupport RAT as follow-up malware from Remcos RAT pushed by this campaign. But this time, I also saw indicators for StealC malware and…
Global Security News
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. […]
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Europe, Global Security News, Security
Integrating With Cisco XDR at Black Hat Europe
Investigating indicators of compromise (IOCs) requires a unified view of security data. See how we integrated Cisco XDR with third-party tools and open-source models at Black Hat Europe.
