Intel Name: Distribution of PebbleDash malware in March 2025
Date of Scan: April 29, 2025
Impact: Medium
Summary: In March 2025, the PebbleDash backdoor malware, previously linked to the Lazarus group, was observed being distributed in new campaigns targeting individuals. The latest activity includes the use of additional malware and modules alongside PebbleDash to enhance its capabilities. Notably, attackers have shifted from using open-source RDP Wrapper tools to directly patching the termsrv.dll file, enabling unauthorized remote desktop access and demonstrating evolving techniques for persistence and control.