Diddy Do It? Or Did Cybercriminals? How Hackers Are Turning Scandals Into Cyber Attacks
2024-9-25 02:37:33 Author: securityboulevard.com

Attackers often capitalize on public interest in high-profile scandals to spread malware and exploit users’ curiosity. The recent Sean “Diddy” Combs scandal is no exception. As public attention skyrockets around the story, cybercriminals are seizing the opportunity to lure unsuspecting users into downloading malicious files and exposing themselves to cyber threats. 

Veriti’s research team has already observed cybercriminals leveraging P. Diddy’s name in malware attacks, and we anticipate more to come. 

The Rise of PDiddySploit Malware 

As Veriti’s research shows, attackers wasted no time in leveraging the P. Diddy scandal to their advantage. On September 13, 2024, a Trojan sample named PDiddySploit was found. This malware is an iteration of the open-source PySilon RAT (Remote Access Trojan), an advanced malware written in Python. PySilon RAT is known for its ability to steal sensitive information, record keystrokes, capture screen activity, and execute remote commands—all serious threats to personal and organizational security. 

Filename – PDIDDYSPLOIT as seen on virustotal.com 

The presence of PDiddySploit highlights how quickly attackers can weaponize public interest in celebrity scandals to carry out their malicious activities. According to Cyble Research and Intelligence Labs (CRIL), the usage of PySilon RAT by multiple threat actors (TAs) has surged, with over 300 samples reported on VirusTotal since June 2023. Its evolution from version 1.0 to the current iteration, version 3.6, has equipped it with advanced functionalities that make it even more dangerous. 


For more on PySilon RAT’s versatile features, you can refer to Cyble’s in-depth analysis here.

The Risk of Public Curiosity and Malicious Files 

One of the most concerning aspects of this trend is the use of files related to P. Diddy’s social media activity, particularly from X.com. Two specific files containing posts and replies from his now-deleted account were uploaded to VirusTotal by a user named @lamps_apple. These files are part of an automated process of “collecting posts and replies,” but they pose a high risk because they can be easily armed with malicious payloads. 

Given the intense media coverage surrounding P. Diddy and other public figures, attackers are using these files to lure curious users into downloading them, only to be infected with malware. The fact that P. Diddy and others have deleted their social media content adds an additional layer of intrigue, tempting users to open these files to see what was deleted. 

The risk here is clear: high media attention + curious users = prime conditions for attackers to strike. 

VirusTotal files uploaded here and here.

A Blast from the Past: P. Diddy’s First Encounter with Malware 

This isn’t the first time P. Diddy’s name has been tied to malware. Back in March 2013, the first malicious file associated with P. Diddy was discovered. It came in the form of a backdoor named after his hit song “I’m Coming Home” and was delivered as an MP3 file called “diddy & dirty money – i’m coming home (feat. skylar grey).mp3.pif”. 

Interestingly, this attack used an old method involving a PIF (Program Information File), an executable type that was more common in the days of MS-DOS: the double extension made a program look like a music file. It shows that attackers have long recognized the value of using celebrity names like Diddy to spread their malware, capitalizing on user curiosity for over a decade. 

The Evolving Threat of PySilon RAT 

Today, the use of PySilon RAT is a far more sophisticated attack than the MP3 malware of 2013. This RAT (Remote Access Trojan) is built to infiltrate systems, steal information, and even control devices remotely. Here are some of the key capabilities of PySilon RAT that make it a formidable threat: 

  • Keystroke logging: Captures everything the user types, including passwords and sensitive information. 
  • Screen recording: Monitors and records the user’s screen activity, potentially capturing confidential data. 
  • Remote command execution: Allows attackers to run commands on infected systems, giving them full control over the device. 
  • Data theft: Steals files, passwords, and other sensitive information from infected systems. 

With over 300 samples of PySilon RAT reported since June 2023, attackers are using open-source malware for its adaptability and advanced functionalities, making it easier for them to spread and evolve these threats. As Diddy’s scandal continues to attract attention, we can expect more attackers to leverage this malware to exploit public interest. 

How to Protect Yourself from PDiddySploit and Similar Threats 

While it’s natural to be curious about trending topics and celebrity scandals, it’s important to exercise caution when interacting with any related files or content online. Here are some steps you can take to protect yourself from falling victim to these attacks: 

Avoid downloading suspicious files: If you see a file claiming to contain deleted posts or exclusive content related to a celebrity scandal, be cautious. Verify the source before downloading anything. 

Be wary of email attachments: Attackers often use phishing emails to spread malware. If you receive an email with attachments related to the P. Diddy scandal, think twice before opening it. 

Use up-to-date antivirus software: Ensure your security software is up to date to help detect and block malicious files like PDiddySploit. 

Check for signs of tampering: If a file seems too good to be true—such as offering exclusive content from a deleted account—it’s likely a trap. 
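As an added illustration of the "check for signs of tampering" advice, and of the 2013 ".mp3.pif" lure described above, here is a small defender-side filename check. It is example code written for this article, not Veriti's or Cyble's tooling; the extension lists are assumptions chosen for the demonstration, and the sample filenames besides the 2013 one are constructed.

```python
import os
import re

# Extensions Windows treats as executable even when they follow a "decoy"
# extension. PIF is the legacy MS-DOS Program Information File type used
# by the 2013 "I'm Coming Home" sample. (List is an assumption for this example.)
EXECUTABLE_EXTS = {
    "pif", "exe", "scr", "com", "bat", "cmd", "vbs", "js", "jse",
    "wsf", "hta", "ps1", "lnk", "msi",
}

# Extensions used as bait so the file looks like media or a document.
DECOY_EXTS = {"mp3", "mp4", "jpg", "jpeg", "png", "pdf", "doc", "docx", "txt", "zip"}


def suspicious_filename(name: str):
    """Return a short reason if the name looks like a disguised executable,
    otherwise None. The check is purely lexical: no file content is read."""
    base = os.path.basename(name)
    # Split on dots; drop empty parts so ".hidden" is not treated as an extension.
    parts = [p.lower().strip() for p in base.split(".") if p]
    if len(parts) < 2:
        return None
    outer = parts[-1]
    if outer not in EXECUTABLE_EXTS:
        return None
    # Executable extension right after a media/document extension is the
    # classic "song.mp3.pif" lure.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return f"decoy extension '.{parts[-2]}' hides executable '.{outer}'"
    # Runs of whitespace or very long names push the real extension out of
    # view in file dialogs and mail clients.
    if re.search(r"\s{3,}", base) or len(base) > 120:
        return f"padded name hides executable '.{outer}'"
    if outer in {"pif", "scr", "com"}:
        return f"legacy executable type '.{outer}' is rarely legitimate"
    return None


def scan(names):
    """Map each flagged filename to its reason; clean names are omitted."""
    return {n: r for n in names if (r := suspicious_filename(n))}


# Constructed sample batch: the 2013 filename from the article plus made-up lures.
SAMPLE_NAMES = [
    "diddy & dirty money – i'm coming home (feat. skylar grey).mp3.pif",
    "deleted_posts_backup.zip.exe",
    "interview.mp3",
    "installer.exe",
]
```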

Curiosity Kills the Cat, and Your Security 

Curiosity can be dangerous. Attackers know this, and they are always looking for ways to exploit human nature. The recent P. Diddy scandal is just another example of how cybercriminals can use public interest to launch malicious attacks. By staying vigilant and practicing good cybersecurity habits, you can protect yourself from falling victim to these schemes. 

As Veriti’s research has shown, the media spotlight is a double-edged sword, attracting not only public attention but also the attention of cyber attackers. Stay alert and protect yourself from becoming the next victim of PDiddySploit and other malicious attacks. 

*** This is a Security Bloggers Network syndicated blog from VERITI authored by Veriti Research. Read the original post at: https://veriti.ai/blog/diddy-do-it-or-did-cybercriminals-how-hackers-are-turning-scandals-into-cyber-attacks/


Article source: https://securityboulevard.com/2024/09/diddy-do-it-or-did-cybercriminals-how-hackers-are-turning-scandals-into-cyber-attacks/