Curly COMrades Exploit Hyper-V for Covert Malware Operations

Curly COMrades Exploit Hyper-V for Covert Malware Operations

First seen 5 Nov 2025, 17:08 UTC BleepingcomputerBitdefenderTheregisterSecuritybrief 81% similarity 35.8

Article Content

Browse articles
ThreatCluster

The Russian hacker group Curly COMrades is exploiting Microsoft Hyper-V on compromised Windows machines to create hidden Alpine Linux-based virtual machines. These virtual environments allow the group to bypass endpoint detection tools and maintain persistent access to victim networks, hosting custom malware such as the CurlyShell reverse shell and CurlCat reverse proxy.

ThreatCluster AI

Community

Browse all →