PhantomVAI (Malware Family)

PhantomVAI

aka: Caminho, Katz Stealer Loader, VMDetectLoader

PhantomVAI Loader is a malicious multi-stage infection chain used to distribute the Katz Stealer information-stealing malware or other malicious payloads.

References

2025-12-19 ⋅ cyble ⋅ Cyble
Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns
DCRat Katz Stealer PhantomVAI PureLogs Stealer Remcos XWorm

2025-12-16 ⋅ Zscaler ⋅ Gaetano Pellegrino
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT
DCRat PhantomVAI

2025-10-15 ⋅ Palo Alto Networks Unit 42 ⋅ paloalto Networks: Unit42
PhantomVAI Loader Delivers a Range of Infostealers
Katz Stealer PhantomVAI

2025-06-03 ⋅ IBM X-Force ⋅ Melissa Frydrych
IBM X-Force Threat Analysis: DCRat presence growing in Latin America
DCRat PhantomVAI

There is no Yara-Signature yet.

PhantomVAI Propose Change

References

PhantomVAI