Tag: rat
-
New GodRAT Malware Uses Screensaver and Program Files to Target Organizations
Threat actors have been deploying a novel Remote Access Trojan (RAT) dubbed GodRAT, derived from the venerable Gh0st RAT codebase, to infiltrate financial institutions, particularly trading and brokerage firms. The malware is distributed via Skype as malicious .scr (screensaver) and .pif (Program Information File) executables masquerading as legitimate financial documents, such as client lists or…
-
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the “distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger,” Kaspersky researcher Saurabh Sharma said in a technical analysis published today. The First seen…
-
A quarter of CISOs are fired after a ransomware attack
Tags: backup, ceo, cio, ciso, cyberattack, group, incident response, mail, phishing, ransomware, rat, risk, sophos, vulnerability
After a ransomware attack, CISOs are often held responsible and dismissed. According to a recent Sophos report, CISOs face a one-in-four chance that their job will not survive a successful ransomware attack. The report's findings are a wake-up call for security leaders, regardless of whether they are held responsible for such attacks or over the…
-
Watchguard at it-sa 2025: Real-Security for the Real-World
From Firecloud-Internet-Access and Total-MDR to the recently introduced models of the Watchguard tabletop firewall appliances: all the solutions with which Watchguard has recently expanded its product portfolio pursue a single goal. The aim is to simplify everyday work for IT managers in mid-sized companies and for the managed security providers (MSPs) who support them with advice and practical help. The new…
-
Popular npm Package Compromised in Phishing Attack
An incident involving the npm package eslint-config-prettier has been uncovered spreading Scavenger RAT. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/popular-npm-package-compromised-in/
-
How Evolving RATs Are Redefining Enterprise Security Threats
A more unified and behavior-aware approach to detection can significantly improve security outcomes. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/evolving-rats-redefine-enterprise-security-threats
-
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT
North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware represents a reimplementation of the earlier GoLangGhost RAT, exhibiting code structures indicative of AI-assisted porting, including Go-like logic patterns and extensive…
-
Discord CDN Link Abused to Deliver RAT Disguised as OneDrive File
Hackers are installing multiple RMMs like Atera and Splashtop in a new malware attack. This article details the abuse of a Discord CDN link and a fake OneDrive phishing campaign discovered by Sublime Security. First seen on hackread.com Jump to article: hackread.com/discord-cdn-link-deliver-rat-disguised-onedrive-file/
-
PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions
PlayPraetor Android RAT has hit 11K+ devices, spreading fast via campaigns targeting Spanish and French speakers, say Cleafy researchers. Cleafy researchers have identified a new Android RAT called PlayPraetor, which has infected over 11,000 devices, mainly in Portugal, Spain, France, Morocco, Peru, and Hong Kong. The malware is spreading rapidly, with more than 2,000 new…
-
SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm
Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks. First seen on hackread.com Jump to article: hackread.com/sap-netweaver-vulnerability-auto-color-malware-us-firm/
-
Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack
Tags: access, ai, attack, cvss, cyberattack, cybersecurity, detection, dns, flaw, malicious, malware, network, rat, sap, update, vulnerability, zero-trust
The attack stopped in its tracks: Darktrace analysts detected the suspicious ELF download and a flurry of odd DNS and SSL connections to known malicious infrastructure. The British cybersecurity outfit claims its “Autonomous Response” intervened within minutes, restricting the device to its usual, legitimate activities while analysts investigated unusual behavior. Darktrace researchers said the malware stalled…
-
‘It looks sexy but it’s wrong’ the problem with AI in biology and medicine
The case of the improbably well-endowed rat. First seen on theregister.com Jump to article: www.theregister.com/2025/07/27/biomedviz_ai_wrong_problems/
-
Seeing is believing in biomedicine, which isn’t great when AI gets it wrong
‘It looks sexy but it’s wrong’ – like the improbably well-endowed rat. First seen on theregister.com Jump to article: www.theregister.com/2025/07/27/biomedviz_ai_wrong_problems/
-
Russian-Aligned Hive0156 Escalates Remcos RAT Attacks on Ukrainian Government Military
The post Russian-Aligned Hive0156 Escalates Remcos RAT Attacks on Ukrainian Government Military appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/russian-aligned-hive0156-escalates-remcos-rat-attacks-on-ukrainian-government-military/
-
Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate
Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign. The activity has been attributed by Arctic Wolf Labs to a financially motivated hacking group called Greedy Sponge. It’s believed to be active since early 2021, indiscriminately targeting a wide…
-
Financial Institutions Under Siege by Greedy Sponge Hackers’ Modified AllaKore RAT
A financially motivated threat actor, now identified as Greedy Sponge, has been relentlessly targeting Mexican organizations with a customized version of the AllaKore Remote Access Trojan (RAT). Named for its monetary focus and a past reference to a popular “SpongeBob” meme on its command-and-control (C2) infrastructure, this group has evolved its tactics over the years.…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: KongTuke FileFix Leads to New Interlock RAT Variant; Code highlighting with Cursor AI for $500,000; Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader; Threat Analysis: SquidLoader Still Swimming Under the […]…
-
Arch Linux pulls AUR packages that installed Chaos RAT malware
Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/arch-linux-pulls-aur-packages-that-installed-chaos-rat-malware/
-
UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns
Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign. “This threat entity demonstrates a strong preference for using shortcut files (LNK), VBScript, and post-exploitation tools such as Cobalt Strike and Metasploit, while consistently…
-
AsyncRAT evolves as ESET tracks its most popular malware forks
AsyncRAT is an open-source remote access trojan that first appeared on GitHub in 2019. It includes a range of typical RAT capabilities, such as keylogging, screen capture, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/15/asyncrat-forks-eset-research/
-
Web-Inject Campaign Debuts Fresh Interlock RAT Variant
A cyber-threat campaign is using legitimate websites to inject victims with remote access Trojans belonging to the Interlock ransomware group, in order to gain control of devices. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/web-inject-campaign-interlock-rat-variant
-
New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries
Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. “Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters,” The…
-
Interlock ransomware group deploys new PHP-based RAT via FileFix
Interlock ransomware group deploys new PHP-based RAT via FileFix (a ClickFix variant) in a widespread campaign targeting multiple industries. The Interlock ransomware group is deploying a new PHP-based variant of the Interlock RAT in a broad campaign. According to researchers from the DFIR Report, in partnership with Proofpoint, it uses a delivery method known as FileFix,…
-
Interlock Ransomware Unleashes New RAT in Widespread Campaign
Interlock ransomware continues to develop custom tooling and a new RAT has been detected by researchers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/interlock-ransomware-new-rat/
-
KongTuke Campaign Deploys Modified Interlock RAT Using FileFix Method Against Windows Environments
Researchers from The DFIR Report, collaborating with Proofpoint, have uncovered a resilient PHP-based variant of the Interlock ransomware group’s remote access trojan (RAT), marking a significant evolution from the previously documented JavaScript-driven NodeSnake. This adaptation, observed in campaigns linked to the LandUpdate808 threat cluster, also known as KongTuke, has been active since May 2025, exploiting…
-
NetSupport RAT Spreads Through Compromised WordPress Sites Using ClickFix Technique
The Cybereason Global Security Operations Center (GSOC) has uncovered a sophisticated campaign by threat actors who are exploiting compromised WordPress websites to distribute malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT). This campaign, detailed in a recent report, employs phishing emails, PDF attachments, and even gaming websites to lure unsuspecting users into…
-
XWorm RAT Deploys New Stagers and Loaders to Bypass Defenses
The XWorm Remote Access Trojan (RAT), a longstanding favorite among cybercriminals, has recently showcased a significant evolution in its attack methodology, employing an array of sophisticated stagers and loaders to evade detection and infiltrate systems. Known for its comprehensive malicious capabilities, including keylogging, remote desktop access, data exfiltration, and command execution, XWorm has become a…
-
TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors
A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) called DRAT. The activity has been attributed by Recorded Future’s Insikt Group to a threat actor tracked as TAG-140, which it said overlaps with SideCopy, an adversarial collective assessed to be…

