Key Findings Multi-stage malware campaign codenamed VOID#GEIST delivers various remote access trojan (RAT) payloads, including XWorm, AsyncRAT, and Xeno RAT Malware utilizes obfuscated batch scripts as a pathway to deploy and execute encrypted shellcode payloads Leverages legitimate embedded Python runtime for portability, reliability, and stealth Employs fileless execution mechanisms and memory injection techniques to evade detection Background Cybersecurity researchers have
