Intel Name: PEAKLIGHT: Illuminating the Shadows
Date of Scan: January 22, 2025
Impact: Medium
Summary: “PEAKLIGHT: Illuminating the Shadows” describes PEAKLIGHT, a PowerShell-based downloader first identified by Mandiant that facilitates the delivery of infostealers through malware-as-a-service. The infection begins with a Microsoft Shortcut File (LNK) that connects to a CDN serving a JavaScript dropper. This dropper ultimately runs a PowerShell script that delivers various payloads, including LummaC2, HijackLoader, and CryptBot. The name “PEAKLIGHT” symbolizes the malware’s ability to expose and deploy malicious activity in a covert manner.