ANY.RUN Reveals Major Cyber Attacks in July: Fake 7-Zip App, New DeerStealer Campaign, and More

DUBAI, DUBAI, UNITED ARAB EMIRATES, July 30, 2025 /EINPresswire.com/ -- ANY.RUN has released its July 2025 cyber threat report. The study highlights the most active malware families, infection techniques, and a growing trend: cybercriminals are increasingly using legitimate Remote Monitoring and Management (RMM) software to attack corporate systems.

𝐊𝐞𝐲 𝐟𝐢𝐧𝐝𝐢𝐧𝐠𝐬 𝐟𝐫𝐨𝐦 𝐉𝐮𝐥𝐲 𝟐𝟎𝟐𝟓
● DeerStealer campaign: spread via obfuscated .LNK shortcuts. Execution goes through mshta.exe and PowerShell, allowing malware to bypass basic defenses and deliver payloads silently.
● Fake 7‑Zip installer: downloads a malicious archive that extracts Active Directory files, including ntds.dit and the SYSTEM hive. Attackers can use this data for privilege escalation and full domain compromise.
● Snake Keylogger activity: increased attacks against banking and financial services. The malware uses multiple layers of obfuscation, LOLBins, and registry changes for persistence.

𝐁𝐫𝐨𝐚𝐝𝐞𝐫 𝐭𝐫𝐞𝐧𝐝𝐬 𝐢𝐧 𝟐𝟎𝟐𝟓
● 𝐀𝐛𝐮𝐬𝐞 𝐨𝐟 𝐑𝐌𝐌 𝐭𝐨𝐨𝐥𝐬: attackers often rely on tools normally used by IT teams to gain remote access and move inside networks.
● 𝐓𝐨𝐩 𝟓 𝐚𝐛𝐮𝐬𝐞𝐝 𝐑𝐌𝐌 𝐬𝐨𝐥𝐮𝐭𝐢𝐨𝐧𝐬 (𝐇𝟏 𝟐𝟎𝟐𝟓): ScreenConnect, UltraVNC, NetSupport, PDQ Connect, Atera.
● 𝐋𝐢𝐯𝐢𝐧𝐠-𝐨𝐟𝐟-𝐭𝐡𝐞-𝐥𝐚𝐧𝐝 𝐭𝐚𝐜𝐭𝐢𝐜𝐬: cybercriminals increasingly use built-in Windows tools to stay undetected.
● 𝐒𝐭𝐞𝐚𝐥𝐞𝐫 𝐦𝐚𝐥𝐰𝐚𝐫𝐞 𝐠𝐫𝐨𝐰𝐭𝐡: campaigns distributing information‑stealers remain among the most common threats, often delivered through phishing emails or fake software installers.

Visit the ANY.RUN blog for more details.

𝐇𝐨𝐰 𝐀𝐍𝐘.𝐑𝐔𝐍 𝐡𝐞𝐥𝐩𝐬 𝐛𝐮𝐬𝐢𝐧𝐞𝐬𝐬𝐞𝐬 𝐝𝐞𝐭𝐞𝐜𝐭 𝐧𝐞𝐰 𝐚𝐭𝐭𝐚𝐜𝐤𝐬 𝐞𝐚𝐫𝐥𝐲
All the threats were identified using ANY.RUN’s malware analysis and threat intelligence solutions that empower companies across finance, healthcare, IT, government, and other industries to catch attacks before they cause damage.

Here’s how ANY.RUN helps companies stay safer:
● Faster detection of threats and reduced Mean Time to Detect (MTTD)
● Full visibility into what threats do on the system without any guesswork
● Immediate access to IOCs for SIEM enrichment and faster response
● Less manual effort for analysts, thanks to automated analysis
● Lower risk of breaches, data loss, and business disruption
● Shareable, detailed reports for internal teams, clients, or compliance needs

𝐀𝐛𝐨𝐮𝐭 𝐀𝐍𝐘.𝐑𝐔𝐍
ANY.RUN is a provider of cybersecurity solutions. Among its products are Interactive sandbox for analysis of malicious behavior in real time and threat intelligence solutions TI Lookup and TI Feeds suitable for browsing and monitoring emerging and evolving threats targeting over 15,000 companies in sectors like finance, manufacturing, and healthcare.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
email us here
Visit us on social media:
LinkedIn
YouTube
X