Diddy Drama Used to Spread Dangerous Trojan: PDiddySploit
Researchers at Veriti have discovered a new strain of malware named PDiddySploit, which exploits public interest in the allegations against the renowned rapper Sean “Diddy” Combs. Cybercriminals are leveraging users’ curiosity about Combs’ deleted posts on the social network X amidst accusations of racketeering, human trafficking, and other forms of violence.
Since September 13, cybercriminals have been distributing infected files, purportedly containing posts and replies from Diddy’s deleted X account. PDiddySploit is based on the PySilon RAT trojan, written in Python.
PDiddySploit can steal confidential information, log keystrokes, capture screen activity, and execute remote commands. This functionality allows attackers to fully compromise a system and gain access to the user’s data. According to VirusTotal, many antivirus programs fail to detect this new trojan, significantly heightening its threat.
Veriti specialists emphasize that the surge of public attention surrounding this case creates favorable conditions for cybercriminals. Attackers exploit the situation to lure unsuspecting users into downloading malicious files, exposing them to serious cyberthreats. The removal of content from the social media accounts of Diddy and other involved individuals adds an element of intrigue, further tempting users to open suspicious files in hopes of accessing the deleted information.
Since the emergence of PySilon RAT in 2023, it has been adapted over 300 times, with PDiddySploit becoming one of the most successful of these modifications. Experts predict a rise in similar attacks involving this malware in the near future.
To safeguard against such malware, users are advised to refrain from downloading dubious files, thoroughly verify sources, and scan documents with multiple antivirus solutions. Often, these files are distributed via email or links.
Researchers stress the importance of caution when interacting with content linked to high-profile news and scandals. Cybercriminals employ psychological tactics to entice users into opening infected documents. If a file seems too enticing, such as promising exclusive data from deleted accounts, it is likely a trap.
It is worth noting that this is not the first time Diddy’s name has been used in cyberattacks. In 2013, hackers distributed a malicious file disguised as an MP3 titled “Diddy & Dirty Money – I’m Coming Home (feat. Skylar Grey).mp3.pif,” which contained a Program Information File (PIF) — a format dating back to MS-DOS.
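The double extension in that 2013 file name (".mp3.pif") is something a mail gateway or download filter can check for mechanically. The following is an added example, not code from Veriti or from the original article; the extension lists, function names and all sample names other than the 2013 lure are assumptions made for illustration.

```python
import os

# Extensions Windows runs or interprets on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Extensions a lure typically pretends to be (assumed list, not exhaustive).
DECOY_EXTS = {".mp3", ".mp4", ".pdf", ".doc", ".docx", ".txt", ".jpg", ".png", ".zip"}


def split_extensions(filename):
    """Return (stem, decoy_ext, real_ext); extensions are lower-cased, '' when absent."""
    # Windows ignores trailing dots and spaces in file names, so drop them first.
    name = os.path.basename(filename).rstrip(" .")
    stem, real_ext = os.path.splitext(name)       # the extension the OS acts on
    stem, decoy_ext = os.path.splitext(stem)      # the extension the user notices
    return stem, decoy_ext.lower(), real_ext.lower()


def is_masquerading(filename):
    """True when an executable extension hides behind a document or media extension."""
    _, decoy_ext, real_ext = split_extensions(filename)
    return real_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS


def triage(filenames):
    """Return the names that should be held for review, in input order."""
    return [name for name in filenames if is_masquerading(name)]


# Constructed sample: the first name is the 2013 lure quoted above, the rest are made up.
SAMPLES = [
    "Diddy & Dirty Money – I’m Coming Home (feat. Skylar Grey).mp3.pif",
    "holiday.photo.jpg",   # two dots, but the final extension is harmless
    "setup.exe",           # executable, but not pretending to be anything else
    "Invoice.PDF.Exe",     # mixed case must not defeat the check
    "notes.v2.txt",
]

if __name__ == "__main__":
    for name in triage(SAMPLES):
        print("hold for review:", name)
```

A name-based check like this only catches the disguise; it says nothing about the file's contents, so it complements rather than replaces the scanning advice above.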