Overview
- The campaign surfaced after a zip archive titled "US now deciding what's next for Venezuela" was uploaded to a public malware analysis service on January 5.
- Acronis says a malware binary tied to the lure was compiled on January 3, shortly after the U.S. operation involving Nicolás Maduro began, with later analysis suggesting U.S. government and policy-related entities were the intended audience.
- The package included a legitimate launcher and a hidden DLL backdoor dubbed Lotuslite that enables persistence, beaconing, remote tasking and data exfiltration.
- Researchers have not identified specific victims or confirmed any successful compromises, describing the operation as precise rather than broad.
- China’s embassy in Washington denied the allegations and the FBI declined to comment.