TL;DR: A largely self-owned delivery chain, from compromised websites and web injects to fake verification pages and malware installation, is run by TA585, while MonsterV2 adds stealer, RAT, loader, and privilege-escalation capability, according to Proofpoint. That model compresses attacker friction and raises the bar for user education, email filtering, and post-click containment.
NHIMG editorial — based on content published by Proofpoint: TA585 and MonsterV2 campaign analysis
By the numbers:
- MonsterV2 has been advertised at $2,000 per month for a private development build.
- Rhadamanthys is advertised for $199 per month, making MonsterV2 far more expensive than a common stealer.
- Proofpoint observed MonsterV2 in campaigns that targeted fewer than 200 messages in March 2025.
Questions worth separating out
Q: How should security teams stop fake verification lures from turning users into the execution path?
A: Constrain user-initiated scripting, remove easy paths to PowerShell from standard accounts, and monitor for browser-to-shell transitions that begin with CAPTCHA or verification pages.
Q: Why do compromised websites make malware delivery harder to block than ordinary phishing?
A: A compromised legitimate site can serve malicious content only after filtering for a real user, which reduces detection opportunities and makes URL reputation less reliable.
Q: What do security teams get wrong about infostealer campaigns that also include remote access?
A: They often treat the infection as a single endpoint event, when the real risk is credential theft plus session abuse plus follow-on access.
Practitioner guidance
- Constrain interactive script execution paths Block or tightly restrict non-administrative PowerShell, Win+R-based command execution, and other user-driven scripting paths on managed endpoints, especially for finance and accounting users who are frequently targeted by invoice and government-themed lures.
- Detect compromised-site delivery patterns Add detections for pages that load an overlay, repeatedly beacon before redirecting, or gate access on a manual verification step, because those behaviors often indicate filtering infrastructure rather than normal website content.
- Hunt for post-execution privilege abuse Search for SeDebugPrivilege, SeTakeOwnershipPrivilege, unusual child processes from scripting hosts, and rapid file writes followed by task scheduler execution, because MonsterV2 and similar payloads often combine escalation with persistence and loader behavior.
What's in the full report
Proofpoint's full report covers the operational detail this post intentionally leaves for the source:
- Campaign timelines, infrastructure indicators, and example lure pages for TA585's web-inject and GitHub-themed activity.
- The malware's configuration structure, privilege requests, and anti-analysis behavior across sampled MonsterV2 variants.
- Specific detection content, including the Emerging Threats rule and indicator list tied to observed check-ins.
- Detailed analysis of SonicCrypt packing, task scheduler execution, and the technical unpacking flow.
👉 Read Proofpoint's analysis of TA585, ClickFix delivery, and MonsterV2 →
TA585's owned delivery chain: what it means for SOC teams?
Explore further
Owned delivery chains are now a threat-modeling category, not an implementation detail. TA585 matters because the actor controls infrastructure, filtering, lure delivery, and installation rather than relying on rented access at every step. That shifts detection value toward chain interruption, not just payload blocking. Security teams should treat end-to-end delivery ownership as a sign that the attacker can iterate faster than point controls can adapt.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to The 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: Who is accountable when a malicious script is executed by a user through a fake verification page?
A: Accountability is shared across security, endpoint, and user-awareness controls because the failure sits at the boundary between social engineering and local execution. Organisations must be able to show that they constrained unsafe script paths, monitored for suspicious browser-to-shell behavior, and responded by invalidating exposed credentials and sessions.
👉 Read our full editorial: TA585 shows how owned delivery chains lower malware friction