In December 2024, Thai government officials became targets of a new campaign involving malware known as Yokai. The malware employs DLL side-loading techniques to infiltrate systems and gain unauthorized access to sensitive information.
The attack begins with a RAR archive containing Windows shortcut files disguised as official documents from the U.S. Department of Justice. When executed, these files deploy the Yokai backdoor, which establishes persistence on the host system and connects to a command-and-control server. This connection allows attackers to execute shell commands remotely, posing a significant threat to the confidentiality and integrity of governmental data.
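A defender-side illustration of the lure described above, added here as an example and not part of the original post or Contextal's code: it identifies Windows shortcuts inside an archive by their fixed MS-SHLLINK header rather than by file name, and flags any shortcut whose displayed name (Explorer hides the `.lnk` suffix) looks like a document. The archive listing, file names and shortcut bytes are constructed for the example, not real Yokai samples.

```python
import struct
import uuid

# MS-SHLLINK: every shell link starts with HeaderSize 0x0000004C followed by
# the fixed LinkCLSID 00021401-0000-0000-C000-000000000046 (little-endian).
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le

DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf"}


def is_shell_link(data: bytes) -> bool:
    """Recognise a shortcut by its header, so renaming cannot hide it."""
    if len(data) < 20:
        return False
    (header_size,) = struct.unpack_from("<I", data, 0)
    return header_size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def displayed_name(name: str) -> str:
    """Explorer hides .lnk, so 'Notice.pdf.lnk' is shown to the user as 'Notice.pdf'."""
    return name[:-4] if name.lower().endswith(".lnk") else name


def looks_like_document(name: str) -> bool:
    return any(name.lower().endswith(ext) for ext in DOCUMENT_EXTS)


def classify_entry(name: str, data: bytes) -> str:
    """Return 'masquerading-shortcut', 'shortcut', 'document' or 'other'."""
    shown = displayed_name(name)
    if is_shell_link(data):
        return "masquerading-shortcut" if looks_like_document(shown) else "shortcut"
    return "document" if looks_like_document(shown) else "other"


def assess_archive(entries: dict) -> dict:
    """Archive-level verdict: any document-looking shortcut makes it suspicious."""
    verdicts = {name: classify_entry(name, data) for name, data in entries.items()}
    masquerading = [n for n, v in verdicts.items() if v == "masquerading-shortcut"]
    return {"entries": verdicts, "suspicious": bool(masquerading), "masquerading": masquerading}


def build_sample_lnk() -> bytes:
    """Constructed minimal shortcut header: size, CLSID, zeroed flags/attributes."""
    return struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + b"\x00" * (LNK_HEADER_SIZE - 20)


# Constructed archive listing (hypothetical names, not real samples).
SAMPLE_ARCHIVE = {
    "Official_Notice.pdf.lnk": build_sample_lnk(),
    "Attachment.docx": b"PK\x03\x04" + b"\x00" * 32,
    "readme.lnk": build_sample_lnk(),
}

if __name__ == "__main__":
    print(assess_archive(SAMPLE_ARCHIVE))
```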
Contextal Platform was designed from the ground up to autonomously combat threats like these. Upon its initial release in November 2024, it already included technologies proactively detecting Yokai.
The effectiveness of Contextal Platform in identifying the Yokai malware underscores the critical role of a contextual approach and future-proof design.
For a detailed analysis of the Yokai malware and its implications, refer to the ThaiCERT report.
