New DOGE Big Balls Ransomware Tools in the Wild - Netskope

Sample: SpaceSeals-DOGE.rar
Classification: Infostealer and ransomware (a modified variant of Fog ransomware).
Delivery: Phishing emails carrying finance-themed ZIP or RAR attachments. Victims are lured into downloading the RAR file, which often masquerades as internal DOGE documentation or financial files.
Post-infection behaviour: Once inside, the malware searches for sensitive system data and password hashes. This campaign has been linked to the exposure of credentials belonging to high-level DOGE and CISA employees.
Privilege escalation: The malware uses a "Bring Your Own Vulnerable Driver" (BYOVD) technique, exploiting a known vulnerability (CVE-2015-2291) to gain kernel-level access.
Ransomware payload: When the goal is disruption, the group deploys a customized encryption payload that embeds political commentary and provocations within the code.
Recent Incidents: In early 2025, reports surfaced that a software engineer working for both DOGE and the Federal Emergency Management Agency (FEMA) had his device infected by this or a similar infostealer, leading to the leak of credentials for core government financial systems.
Response guidance: Do not attempt to open this file. If it is found on a corporate or government network, isolate the machine immediately and follow standard incident response protocols, checking in particular for PowerShell persistence and unauthorized domain admin account creation.