A threat actor tracked as TAG-150 is behind a rapidly evolving malware ecosystem, centered around a loader called CastleLoader and a newly identified remote access trojan (RAT) known as CastleRAT. These tools, operating as part of a malware-as-a-service (MaaS) framework, enable attackers to deploy second-stage payloads including information stealers, additional loaders, and other RATs. CastleLoader, first publicly identified in July 2025, has been linked to the distribution of malware like RedLine, NetSupport RAT, and Hijack Loader.
CastleRAT is available in two versions: a Python-based variant known as PyNightshade, and a more feature-rich C version. Its capabilities include system reconnaissance, downloading further payloads, executing PowerShell and CMD commands, and self-deletion. The C variant adds advanced functions such as keylogging, screenshot capture, file exfiltration, and clipboard hijacking to steal cryptocurrency transactions. Both versions use Steam Community profiles as “dead drop resolvers” to identify command-and-control (C2) servers, demonstrating creative evasion techniques.

Multi-tiered infrastructure linked to TAG-150. Source: recordedfuture.com.
Initial infections are typically triggered through SEO poisoning and phishing campaigns—notably a scheme called ClickFix, which impersonates Cloudflare error pages or legitimate software repositories hosted on GitHub. Once executed, CastleLoader uses a multilayered C2 infrastructure and advanced evasion methods like UAC Prompt Bombing and Windows Defender exclusion loops to slip past detection tools and sandboxes. This loop ensures the malware only deploys when security is bypassed, complicating efforts by researchers to analyze the payloads.
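A defender-side check for the footprint such an exclusion loop leaves behind, added here as an example and not taken from the original article or from any of the vendors it cites: it parses constructed Windows Defender configuration-change records (Event ID 5007) and flags hosts that add several exclusions within a short window. The 5007 event ID and the `Exclusions` registry key path are real Defender details; the record layout, the sample hosts and paths, and the burst thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the "New value:" field of a 5007 record that adds a Defender exclusion.
# The registry key layout is Defender's own; the surrounding message text is assumed.
EXCLUSION_RE = re.compile(
    r"New value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(Paths|Processes|Extensions)\\(?P<item>.+?)\s*=\s*0x0",
    re.IGNORECASE,
)

EXCL = r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions"

def _cfg_event(ts, host, new_value):
    """Build a constructed 5007-style record (timestamp, host, event id, message)."""
    return (ts, host, 5007, "Antimalware configuration changed. Old value:  New value: " + new_value)

# Constructed sample telemetry, not real events. WS-01 shows a retry-loop burst;
# WS-02 shows a single admin-style exclusion plus unrelated records that must be ignored.
SAMPLE_EVENTS = [
    _cfg_event("2025-07-10T09:00:01", "WS-01", EXCL + r"\Paths\C:\Users\Public\a.exe = 0x0"),
    _cfg_event("2025-07-10T09:00:04", "WS-01", EXCL + r"\Paths\C:\Users\Public\b.dll = 0x0"),
    _cfg_event("2025-07-10T09:00:06", "WS-01", EXCL + r"\Processes\powershell.exe = 0x0"),
    _cfg_event("2025-07-10T09:00:09", "WS-01", EXCL + r"\Paths\C:\Users\Public = 0x0"),
    _cfg_event("2025-07-10T09:30:00", "WS-02", EXCL + r"\Paths\D:\Builds = 0x0"),
    _cfg_event("2025-07-10T09:31:00", "WS-02", r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\X = 0x1"),
    ("2025-07-10T09:32:00", "WS-02", 1116, "Antimalware platform detected malware."),
]

def exclusion_additions(events):
    """Yield (time, host, kind, item) for every 5007 record that adds an exclusion."""
    for ts, host, event_id, msg in events:
        if event_id != 5007:
            continue
        m = EXCLUSION_RE.search(msg)
        if m:
            yield datetime.fromisoformat(ts), host, m.group(1), m.group("item")

def find_exclusion_bursts(events, window=timedelta(seconds=60), threshold=3):
    """Return {host: [kind:item, ...]} for hosts adding >= threshold exclusions inside window.
    One exclusion from an admin is normal; a tight burst is what a retry loop produces."""
    per_host = defaultdict(list)
    for ts, host, kind, item in exclusion_additions(events):
        per_host[host].append((ts, f"{kind}:{item}"))
    flagged = {}
    for host, adds in per_host.items():
        adds.sort()
        for i in range(len(adds)):
            j = i
            while j < len(adds) and adds[j][0] - adds[i][0] <= window:
                j += 1
            if j - i >= threshold:
                flagged[host] = [item for _, item in adds[i:j]]
                break
    return flagged
```

In a real deployment the same logic runs over exported `Microsoft-Windows-Windows Defender/Operational` logs, and the window and threshold are tuned against the organisation's own baseline of legitimate exclusion changes.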
The campaign also intersects with other malware delivery mechanisms, including a loader dubbed TinyLoader that spreads via USB drives and network shares, delivering threats like RedLine Stealer and DCRat. Analysts have additionally spotted new malware families operating in parallel: TinkyWinkey, a Windows keylogger with stealth capabilities, and Inf0s3c Stealer, a Python-based info stealer with ties to other known strains like Blank Grabber.
Cybersecurity firms like Recorded Future, IBM X-Force, PRODAFT, and eSentire have been actively tracking these developments, noting the continuous updates and growing modularity of TAG-150’s toolset. The C version of CastleRAT, for instance, once collected ZIP codes and city data via the public ip-api.com service, though recent builds have omitted this, suggesting ongoing refinement and experimentation by the authors.
TAG-150’s toolchain—anchored by CastleLoader and CastleRAT—illustrates a trend toward professionalized, layered malware infrastructure capable of wide deployment, stealthy execution, and flexible payload delivery. Organizations should harden defenses against phishing vectors, educate users on fake update lures, and monitor GitHub repositories for impersonation. With CastleRAT under active development, defenders should expect further enhancements and remain vigilant for evolving tactics.