Tag: rat
-
New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection
New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims. First seen on hackread.com Jump to article: hackread.com/xworm-7-1-remcos-rat-windows-tools-evade-detection/
-
Fake FileZilla Downloads Spread RAT via Stealthy Multi-Stage Loader
Fake FileZilla downloads are being used to deliver a stealthy Remote Access Trojan (RAT) through a multi”‘stage loader, putting careless downloaders at high risk of compromise.”‹ Attackers have set up a fake website that closely copies the look and layout of the legitimate FileZilla download page, including logos, buttons, and version information. Unsuspecting users who…
-
Fileless Remcos RAT Attack Uses JavaScript and PowerShell to Slip Past Detection
A recent Remcos RAT campaign showcases how commodity malware has fully embraced fileless, multi”‘stage execution to bypass traditional defenses and remain stealthy on compromised Windows systems. Instead of dropping a static executable to disk, the operators rely on JavaScript, PowerShell, and a managed .NET injector to execute Remcos entirely in memory, dramatically reducing forensic artifacts…
-
Sophisticated Surveillance RAT Marketed for Global Buyers
‘Cyber Android RAT’ Can Capture WhatsApp History, Crypto Seed Phrases. Cybercriminals are advertising on criminal hacking online boards an Android remote access Trojan that can steal victims’ WhatsApp conversation history, surveil them in real time and extract cryptocurrency seed phrases for the low price of about $500 a month. First seen on govinfosecurity.com Jump to…
-
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud.The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT.PixRevolution, according to First seen on thehackernews.com Jump to…
-
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud.The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT.PixRevolution, according to First seen on thehackernews.com Jump to…
-
BeatBanker Trojan Spreads via Phishing, Deploys Crypto Miner and RAT on Targeted Devices
BeatBanker is a new Android malware campaign targeting users in Brazil, combining banking fraud, crypto”‘mining, and, in its latest wave, full device takeover via a RAT. It spreads almost entirely through phishing pages that mimic the Google Play Store and trick victims into installing weaponized APKs disguised as legitimate apps and updates. The operation starts…
-
Devs looking for OpenClaw get served a GhostClaw RAT
From password theft to persistence: The second stage malware, internally referred to as “GhostLoader,” is a large JavaScript bundle implementing both an infostealer and a remote access framework. Once launched, GhostLoader installs itself into a hidden directory disguised as an npm telemetry service and sets up persistence mechanisms which include shell configuration hooks that automatically…
-
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The library…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is no longer a human problem! StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer Inside a fake Google security check that becomes a browser RAT SloppyLemming…
-
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT.The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research.At a high level, the obfuscated batch script is used to…
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
Malicious Laravel Packages Deploy PHP RAT, Grant Remote Access to Attackers
Malicious Packagist packages masquerading as Laravel helper utilities are delivering an obfuscated PHP remote access trojan (RAT) that grants full remote control over compromised hosts. Two of these, nhattuanbl/lara-helper and nhattuanbl/simple-queue, embed a byte”‘for”‘byte identical RAT payload in src/helper.php. A third package, nhattuanbl/lara-swagger, appears benign but hard”‘depends on lara-helper, ensuring the malware is installed transitively whenever developers require the swagger utility.…
-
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT
SloppyLemming, an India-linked espionage group also known as Outrider Tiger and Fishing Elephant, has run a year-long cyber campaign against high”‘value targets in Pakistan and Bangladesh using a new BurrowShell backdoor and a Rust-based remote access tool (RAT). This activity builds directly on earlier operations exposed by Cloudflare’s CloudForce One in 2024. However, it shows…
-
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry.The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop…
-
Hacker erpressen weniger Lösegeld
immer mehr betroffene Unternehmen und Organisationen folgen dem Rat, kein Lösegeld zu zahlen.Laut einem neuen Bericht des Analyseunternehmens Chainalysis konnten Hacker im Jahr 2025 im Zusammenhang mit Ransomware-Angriffen insgesamt 820 Millionen Dollar erbeuten.Auch wenn die Summe hoch ist, im Vergleich zum Vorjahr ist sie damit um 28 Prozent gesunken. Zudem ist zu berücksichtigen, dass die…
-
Microsoft warns of RAT delivered through trojanized gaming utilities
Attackers spread trojanized gaming tools to deliver a stealthy RAT using PowerShell, LOLBins, and Defender evasion tactics. Threat actors are tricking users into running trojanized gaming utilities shared through browsers and chat platforms to deploy a remote access trojan. >>Microsoft Defender researchers uncovered a campaign that lured users into running trojanized gaming utilities (Xeno.exe or…
-
Double whammy: Steaelite RAT bundles data theft, ransomware in one evil tool
Credential and cryptocurrency theft, live surveillance, ransomware – an attacker’s Swiss Army knife First seen on theregister.com Jump to article: www.theregister.com/2026/02/27/double_extortion_whammy_steaelite_rat/
-
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT).”A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar,” the Microsoft Threat Intelligence team said in a post on X. “This…
-
Microsoft Defender Discovers Trojanized Gaming Utility Campaign Stealing Data with RATs
Microsoft Defender researchers have uncovered a new campaign that abuses trojanized gaming utilities to deliver multi”‘stage malware with remote access, data theft, and payload delivery capabilities. Attackers are masquerading as popular tools such as Xeno.exe and RobloxPlayerBeta.exe, tricking gamers into launching the malicious chain via downloads shared through web browsers and chat platforms. Once a…
-
New $300 Android RAT Boasts Automated Permission Bypass and Hidden Remote Control
Every so often, a new piece of malware emerges that truly shifts the threat landscape. Oblivion, a newly discovered Android Remote Access Trojan (RAT), appears to be one such moment. Unlike recycled or buggy Remote Access Trojan (RATs) seen across underground markets, Oblivion is promoted as a ground”‘up build, tested for months before public release. The…
-
Steaelite RAT Drives Surge in Double Extortion Attacks on Enterprises
A newly surfaced Remote Access Trojan (RAT) named Stealer is rapidly gaining traction across cybercrime networks, fueling a fresh wave of double-extortion incidents against enterprise targets. It offers features such as HVNC (Hidden Virtual Network Computing) monitoring and banking application bypass capabilities once reserved for advanced, custom-built malware teams. Steaelite’s marketing strategy mirrors that of commercial malware projects. The developer has actively…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Android RAT SURXRAT Grants Hackers Full Device Control and Data Exfiltration
SURXRAT is an actively developed Android Remote Access Trojan (RAT) sold as a commercial malware-as-a-service (MaaS) on Telegram, giving attackers full device control and powerful data”‘stealing capabilities. It combines large”‘scale affiliate distribution, cloud”‘hosted command”‘and”‘control, and even experimental AI modules, making it a serious and evolving threat for Android users. The Indonesian operator runs a channel…
-
ZeroDayRAT Targets Android and iOS Devices for Surveillance and Financial Data Theft
ZeroDayRAT targets Android and iOS devices, combining real-time surveillance with direct financial theft within a single browser panel. The Malware-as-a-Service (MaaS) ecosystem is entering a new phase, blending mobile surveillance and financial crime into one seamless platform. Active promotions for this RAT (Remote Access Trojan) began on Telegram channels on February 2, 2026, highlighting its dual purpose: real-time spying and direct financial…
-
GrayCharlie Hacks WordPress Sites, Spreads NetSupport RAT and Stealc Malware
GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially motivated threat actor overlapping with SmartApeSG, active since mid”‘2023, and specializing in turning legitimate WordPress sites into malware-delivery points. The…
-
Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack
Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs. First seen on hackread.com Jump to article: hackread.com/hackers-pulsar-rat-png-images-npm-supply-chain-attack/