Attackers are capitalizing on public interest in the criminal charges against rap star Sean “Diddy” Combs: researchers at Veriti have identified a new piece of malware, dubbed PDiddySploit, that uses the case as a lure.
As Diddy faces accusations of racketeering, sex trafficking, and other forms of violence, cybercriminals have seized the opportunity to exploit the public’s curiosity.
Since at least September 13th, threat actors have lured users into downloading infected files that purport to contain posts and replies from the now-deleted Diddy account on X.
The payload is a modified build of PySilon, an open-source remote access trojan written in Python; the spin-off has been named PDiddySploit.
The malware can steal sensitive information, log keystrokes, capture screen activity, and execute commands sent by the operator, which amounts to full control of the infected machine and of whatever the user does on it. At the time of the report, VirusTotal showed that not every antivirus engine detected the new sample.
“As public attention skyrockets around the story, cybercriminals are seizing the opportunity to lure unsuspecting users into downloading malicious files and exposing themselves to cyber threats,” Veriti researchers warn.
“The fact that P. Diddy and others have deleted their social media content adds an additional layer of intrigue, tempting users to open these files to see what was deleted.”
Since PySilon was first reported in 2023, more than 300 variants of it have been observed. Researchers expect more attackers to reuse the RAT after the recent success of PDiddySploit.
The best protection is simply not to run the file: avoid downloading documents from sources you cannot verify, check where a file actually came from, and scan anything questionable with multiple antivirus engines (a multi-engine service such as VirusTotal does this in one step). A clean scan is not a guarantee, though, since a freshly built variant may not yet be detected by any engine, as was the case here. Such files are typically distributed as email attachments or download links.
“While it’s natural to be curious about trending topics and celebrity scandals, it’s important to exercise caution when interacting with any related files or content online,” Veriti warns.
“Check for signs of tampering: If a file seems too good to be true – such as offering exclusive content from a deleted account – it’s likely a trap.”
This isn’t the first time attackers have used Diddy’s name. In 2013, a malicious file named after his hit song “I’m Coming Home” circulated as a supposed MP3 called "Diddy & Dirty Money – I’m Coming Home (feat. skylar grey).mp3.pif”. The trailing .pif marks a Program Information File, an MS-DOS-era shortcut format that Windows still executes on double-click; because Windows Explorer hides that extension by default, the name appeared to end in “.mp3” and the victim thought they were opening a song.
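The double-extension disguise above, and the advice to check a file before opening it, can be turned into a simple pre-download check. The following is an added example written for this article, not code from Veriti or from the PySilon/PDiddySploit projects: it classifies a filename by whether its real (final) extension is one Windows will execute, flags the decoy-plus-executable pattern of the 2013 ".mp3.pif" file, catches the right-to-left-override trick, and models what Explorer would display for the same name. The lure filenames in the block are constructed for illustration, and the Explorer model is a deliberate simplification (its list of "known" file types is the two extension sets defined in the script).

```python
"""Spot executables disguised as media or document files by their names.

Added example, not code from Veriti or the article. It models the
double-extension trick behind the 2013 ".mp3.pif" lure and the Explorer
behaviour that makes it work; the other filenames below are constructed.
"""
from __future__ import annotations

# Extensions Windows runs (or follows) on double-click. .pif is a DOS-era
# shortcut format that Windows still executes.
EXECUTABLE_EXTS = {
    "exe", "com", "pif", "scr", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "ps1", "msi", "hta", "lnk", "jar",
}

# Extensions a victim expects for leaked posts or a song download.
DECOY_EXTS = {
    "mp3", "mp4", "wav", "jpg", "jpeg", "png", "gif", "pdf", "doc", "docx",
    "xls", "xlsx", "txt", "html", "zip", "json", "csv",
}

# Extensions Explorer never displays, even with extension hiding turned off.
ALWAYS_HIDDEN_EXTS = {"pif", "lnk", "url"}

RLO = "\u202e"  # Unicode right-to-left override


def split_exts(filename: str) -> list[str]:
    """Return the lower-cased, whitespace-stripped dot-separated parts of a name."""
    return [p.strip() for p in filename.strip().lower().split(".")]


def classify(filename: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'block' or 'ok'."""
    if RLO in filename:
        # "report\u202efdp.exe" renders as "reportexe.pdf" in many file managers.
        return "block", "right-to-left override character hides the real extension"
    parts = split_exts(filename)
    if len(parts) < 2:
        return "ok", "no extension"
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            return "block", f"decoy .{parts[-2]} followed by executable .{ext}"
        return "block", f"executable extension .{ext}"
    return "ok", f"final extension .{ext}"


def explorer_display_name(filename: str, hide_known_exts: bool = True) -> str:
    """Simplified model of what Windows Explorer shows for a filename.

    With the default "Hide extensions for known file types" setting, the last
    extension is dropped if Windows knows the type; .pif/.lnk/.url are dropped
    regardless of that setting. "Known" types are approximated here as
    EXECUTABLE_EXTS plus DECOY_EXTS.
    """
    stem, sep, ext = filename.rpartition(".")
    if not sep:
        return filename
    ext_l = ext.lower()
    if ext_l in ALWAYS_HIDDEN_EXTS:
        return stem
    if hide_known_exts and ext_l in EXECUTABLE_EXTS | DECOY_EXTS:
        return stem
    return filename


if __name__ == "__main__":
    # Constructed lure names; the first follows the pattern reported in 2013.
    samples = [
        "Diddy & Dirty Money - I'm Coming Home (feat. skylar grey).mp3.pif",
        "deleted_diddy_posts.txt.exe",
        "deleted_diddy_posts.pdf",
        "x_replies_archive\u202efdp.scr",
    ]
    for name in samples:
        verdict, reason = classify(name)
        print(f"{verdict:5} shown as {explorer_display_name(name)!r}: {reason}")
```

Running the script shows why the 2013 lure worked: `classify` blocks the name on its final `.pif`, while `explorer_display_name` returns the same name ending in `.mp3`, which is all the victim saw. The check is a filename heuristic only; it says nothing about a file whose content is malicious but whose extension is honest, which is why the article's advice to scan with several engines still applies.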