Tag: rat
-
Hugging Face infra abused to spread Android RAT in a large-scale malware campaign
Abuse through smart hosting: Hugging Face is a go-to platform for developers hosting machine learning models, datasets, and tooling. According to Bitdefender, the resource is now being leveraged to mask malicious downloads amidst legitimate activity. While the platform uses ClamAV scanning on uploads, these controls currently fall short of filtering out cleverly disguised malware repositories,…
-
Breach Roundup: Android RAT Hides Behind Hugging Face
Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads Guilty. This week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach. First seen on govinfosecurity.com Jump to article:…
-
Weaponized VS Code Extension “ClawdBot Agent” Spreads ScreenConnect RAT
A malicious Visual Studio Code extension posing as an AI coding assistant has been caught secretly installing a fully functional remote access tool (RAT) on developer machines. The extension looks convincing at first glance: polished branding, a professional icon, and integration with several AI providers including OpenAI, Anthropic, Google, Ollama, Groq, Mistral, and OpenRouter. In…
-
Everybody is WinRAR phishing, dropping RATs as fast as lightning
Russians, Chinese spies, run-of-the-mill crims… First seen on theregister.com Jump to article: www.theregister.com/2026/01/28/winrar_bug_under_attack/
-
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach and…
-
Weaponized Shipping Documents Spread Remcos RAT in Stealthy Malware Campaign
A sophisticated phishing campaign is distributing a fileless variant of Remcos RAT, a commercial remote access tool offering extensive capabilities, including system resource management, remote surveillance, network management, and agent control. The campaign initiates through phishing emails impersonating Vietnamese shipping companies, tricking recipients into opening attached Word documents under the pretense of viewing updated shipping documents.…
-
Threat Actors Exploit LinkedIn for RAT Delivery in Enterprise Networks
A sophisticated phishing campaign exploiting LinkedIn private messages has been identified, delivering remote access trojans (RATs) through a combination of DLL sideloading techniques and weaponized open-source Python pen-testing scripts, enabling attackers to establish persistent control over corporate systems while evading traditional security detection. These archives contain four key components: a genuine open-source PDF reader application,…
-
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Tags: access, cybersecurity, exploit, hacker, linkedin, malicious, malware, open-source, phishing, rat
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script,” ReliaQuest said in a report shared with First…
-
Spear-Phishing Campaign Abuses Argentine Federal Court Rulings to Deliver Covert RAT
Seqrite Labs has uncovered a sophisticated spear-phishing campaign targeting Argentina’s judicial sector with a multi-stage infection chain designed to deploy a stealthy Rust-based Remote Access Trojan (RAT). The campaign primarily targets Argentina’s judicial institutions, legal professionals, justice-adjacent government bodies, and academic legal organizations. Attackers abuse legitimate Argentine federal court rulings, specifically preventive detention review documents…
-
Remcos RAT Campaign Uses Trojanized VeraCrypt Installers to Steal Credentials
AhnLab Security Intelligence Center (ASEC) has identified an active Remcos RAT campaign targeting users in South Korea. The malware is being spread through multiple channels. It often masquerades as VeraCrypt utilities or tools used within illegal online gambling ecosystems. Once installed, the RAT can steal login credentials, monitor user activity, and give attackers remote control…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 80
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Gogs 0-Day Exploited in the Wild; SHADOW#REACTOR: Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment; “Untrustworthy Fund”: targeted UAC-0190 cyberattacks against SOU using PLUGGYAPE (CERT-UA#19092); Hiding in Plain Sight: Deconstructing the Multi-Actor […]…
-
Shadow#Reactor Uses Text Files to Deliver Remcos RAT
Attackers use a sophisticated delivery mechanism of text-only files for RAT deployment, showcasing a clever way to bypass defensive tools and rely on the target’s own utilities. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/shadow-reactor-uses-text-files-to-deliver-remcos-rat
-
PowerShell-Driven Multi-Stage Windows Malware Using Text Payloads
Security researchers have identified a sophisticated multi-stage malware campaign dubbed SHADOW#REACTOR that chains together obfuscated Visual Basic Script (VBS) execution, resilient PowerShell stagers, text-only payload delivery mechanisms, and .NET Reactor-protected in-memory loaders to deploy Remcos RAT while reliably evading detection and analysis. Initial infection begins when users execute a malicious VBS script, typically delivered through…
-
SHADOW#REACTOR Campaign Uses Text-Only Staging to Deploy Remcos RAT
SHADOW#REACTOR is a multi-stage Windows malware campaign that stealthily deploys the Remcos RAT using complex infection techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shadowreactor-text-staging-remcos/
-
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. “The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed via wscript.exe invokes a First seen on…
-
Fake Employee Reports Spread Guloader and Remcos RAT Malware
Scammers are using fake October 2025 performance reviews to trick staff into installing Guloader and Remcos RAT malware. Learn how to identify this threat and protect your personal data from remote hackers. First seen on hackread.com Jump to article: hackread.com/fake-employee-reports-guloader-remcos-rat-malware/
-
Fake Employee Performance Reports Deliver Guloader Malware
Organizations are being warned about a new phishing campaign that weaponizes fake employee performance reports to deploy the Guloader malware and ultimately install Remcos RAT on compromised systems. In the observed cases, threat actors send phishing emails that purport to share an employee performance report for October 2025. The email body claims that management is…
-
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. “The campaign uses icon spoofing and malicious Word documents to deliver Rust-based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular First seen…
-
Bitdefender’s advice to companies: switch from reaction to prevention in 2026
Tags: rat
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/bitdefender-rat-unternehmen-2026-wechsel-reaktion-praevention
-
Malicious NPM Packages Deliver NodeCordRAT
Introduction: Zscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia
The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. “The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document…
-
Indian Tax Phishing Campaign Delivers Persistent RAT Malware
A tax-themed phishing campaign is impersonating India’s Income Tax Department to deliver persistent RAT malware to businesses. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/indian-tax-phishing-campaign-delivers-persistent-rat-malware/
-
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. “Previously, users received ‘pure’ Trojan APKs that acted as malware immediately upon installation,” Group-IB said in an analysis published last week. “Now, adversaries increasingly deploy First seen on…

