Alchemist and Insekt Malware Targeting Linux, Windows, and MacOS

  • ransom-4



A recent command and control framework was identified named Alchemist, it is written in Golang and is capable of leveraging scripts to generate the Insekt RAT payload that is attached to the framework.

The Insekt RAT is also built in Golang and performs a multitude of tasks from screen capture to additional payload deployments.

The Talos research team has attributed the framework and remote access trojan to Chinese threat actors and have moderate confidence that the malware is being used in the wild.

The malware targets Windows, Linux and the MacOS systems and may exploit the vulnerability CVE2021-4034 as well as deliver tools such as PsExec, SMBExec, and FSCAN and use native OS binaries to accomplish the threat actor objectives. 

SkyWatchSM Alert Legend

  • small-bell


  • active-threat0-lt-green

    Active Threat

  • malware-lt-green


  • ransome-lt-green


  • warning-green


  • file-green


Glesec Information Sharing Protocol

GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).

  • TLP-White

    Disclosure is Not Limited.

  • TLP-Green

    Limited Disclosure, Restricted Only to the Community.

  • TLP-Amber

    Limited Disclosure, restricted to the Participant's Organization.

  • TLP-Red

    Not for Disclosure, Restricted/ Classified - Only Shared with US DHS.

Discover Glesec.

Authority. Consistency.

Sign-up today for SkywatchSM Alerts.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.