ThreatCluster

Global JS Malware Campaign Leveraging GHOSTYNETWORKS and OMEGATECH Hosting

First seen 28 May 2026, 12:58 UTC GbhackersCybersecuritynews 92% similarity 67

Article Content

Browse articles
ThreatCluster

In March 2026, hackers exploited GHOSTYNETWORKS and OMEGATECH to deploy a JavaScript backdoor via malspam targeting various sectors, including energy and finance. The operation involved sending malicious emails with ZIP or RAR attachments containing the malware. Organizations across multiple countries were affected, indicating a wide scope of impact. The infrastructure used is designed to evade detection and maintain persistence. This campaign highlights the ongoing threat posed by bulletproof hosting services in facilitating cybercrime. Current status indicates ongoing malspam activity without immediate remediation steps reported.

Key Points: • Hackers used GHOSTYNETWORKS and OMEGATECH for a large-scale JS malware campaign. • Malicious emails delivered a JavaScript backdoor to critical sectors like energy and finance. • The operation's infrastructure is designed to evade detection and sustain long-term attacks.

ThreatCluster AI

Timeline

2026-03-01
Malspam campaign initiated
Hackers began distributing malicious emails with JS backdoors targeting various sectors globally.
Gbhackers
2026-03-15
Widespread impact reported
Organizations in energy, automotive, and finance sectors reported successful infections from the malspam campaign.
Cybersecuritynews
2026-05-28
Current status update
As of today, the malspam campaign continues with no reported remediation measures in place.
Gbhackers

Community

Browse all →