Tag: rat
-
Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware
Malware campaign used fake DocuSign pages to deploy NetSupport RAT through clipboard manipulation. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-docusign-pages-deliver-rat/
-
Interlock Ransomware Deploys New NodeSnake RAT in UK Attacks
Quorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government. First seen on hackread.com Jump to article: hackread.com/interlock-ransomware-new-nodesnake-rat-in-uk-attacks/
-
PureHVNC RAT distributed via job lures in new phishing attack
First seen on scworld.com Jump to article: www.scworld.com/brief/purehvnc-rat-distributed-via-job-lures-in-new-phishing-attack
-
Corrupted headers conceal novel Windows RAT
First seen on scworld.com Jump to article: www.scworld.com/brief/corrupted-headers-conceal-novel-windows-rat
-
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab SEcurity intelligence Center (ASEC), the attackers, active since 2022, are using the notorious Gh0st RAT (Remote Access Trojan) to seize control of…
-
Novel NodeSnake RAT deployed in university-targeted Interlock ransomware intrusions
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-nodesnake-rat-deployed-in-university-targeted-interlock-ransomware-intrusions
-
PureHVNC RAT Uses Fake Job Offers and PowerShell to Evade Security Defenses
A new and highly evasive malware campaign delivering the PureHVNC Remote Access Trojan (RAT) has been identified by Netskope Threat Labs, showcasing a complex multi-layer infection chain designed to bypass modern security defenses. This campaign, active in 2024, leverages fake job offers from well-known global brands like Bershka, Fragrance Du Bois, John Hardy, and Dear…
-
Interlock Ransomware Uses NodeSnake RAT for Persistent Access to Corporate Networks
Two UK-based universities have fallen victim to a sophisticated Remote Access Trojan (RAT) dubbed NodeSnake within the past two months. According to analysis by Quorum Cyber’s Threat Intelligence (QCTI) team, this malware, likely deployed by the ransomware group Interlock, showcases advanced capabilities for persistent access and network infiltration. Emerging Threat Targets Higher…
-
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable. While the DOS header makes the executable file…
-
Malware Analysis Reveals Sophisticated RAT With Corrupted Headers
Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rat-corrupted-headers/
-
Interlock ransomware gang deploys new NodeSnake RAT on universities
The Interlock ransomware gang is deploying a previously undocumented remote access trojan (RAT) named NodeSnake against educational institutes for persistent access to corporate networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interlock-ransomware-gang-deploys-new-nodesnake-rat-on-universities/
-
Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (“bitdefender-download[.]com”) spoofing Bitdefender’s Antivirus for Windows download page to trick visitors into downloading a remote access trojan called Venom RAT. “A malicious campaign…
-
New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. First seen on hackread.com Jump to article: hackread.com/new-phishing-campaign-dbatloader-drop-remcos-rat/
-
Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets
Tags: access, antivirus, credentials, crypto, cybercrime, cybersecurity, finance, malicious, rat, software
Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT. The campaign indicates a “clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems,” the…
-
Silver RAT Malware Employs New Anti-Virus Bypass Techniques to Execute Malicious Activities
A newly identified strain of malware, dubbed Silver RAT, has emerged as a significant threat to cybersecurity, leveraging sophisticated anti-virus bypass techniques to infiltrate and compromise Windows-based systems. This remote access trojan (RAT), believed to be crafted by a highly skilled threat actor or group, demonstrates an alarming ability to evade detection by traditional security…
-
ConnectWise ScreenConnect Tops List of Abused RATs in 2025 Attacks
Cofense Intelligence’s May 2025 report exposes how cybercriminals are abusing legitimate Remote Access Tools (RATs) like ConnectWise and Splashtop to deliver malware and steal data. Learn about this growing threat. First seen on hackread.com Jump to article: hackread.com/connectwise-screenconnect-tops-abused-rats-2025/
-
RAT malware spread via bogus Kling AI ads
First seen on scworld.com Jump to article: www.scworld.com/brief/rat-malware-spread-via-bogus-kling-ai-ads
-
Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims
Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to direct users to fake websites masquerading as Kling AI with the goal of tricking victims into downloading malware. Kling AI is an artificial intelligence (AI)-powered platform to synthesize images and videos from text and image prompts. Launched in June 2024, it’s…
-
Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT
Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced Persistent Threat (APT) group, deploying intricately crafted PowerShell payloads to deliver the XWorm Remote Access Trojan (RAT). This operation showcases the group’s advanced tactics, leveraging encoded scripts and multi-stage attack chains to infiltrate systems, bypass traditional security mechanisms, and establish covert…
-
Updated Remcos RAT deployed in fileless intrusion
Tags: rat
First seen on scworld.com Jump to article: www.scworld.com/brief/updated-remcos-rat-deployed-in-fileless-intrusion
-
Fileless PowerShell Loader Deploys Remcos RAT
Attack Chain Uses LNK Files, MSHTA and Memory Injection. PowerShell is becoming hackers’ new favorite tool since they can load code directly into computer memory and evade traditional file-based detection methods, warn security researchers. A combination of LNK-MSHTA-PowerShell offers a stealthy and effective path to execution. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/fileless-powershell-loader-deploys-remcos-rat-a-28420
-
Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT. “Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents,” Qualys security researcher Akshay Thorve said in a technical report. “The attack chain leverages…
-
Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts
A new wave of attacks uses PowerShell and LNK files to secretly install Remcos RAT, enabling full remote… First seen on hackread.com Jump to article: hackread.com/fileless-remcos-rat-attack-antivirus-powershell-scripts/
-
PowerShell-Based Loader Deploys Remcos RAT in New Fileless Attack
A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/powershell-loader-deploys-remcos/
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques. As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory. “The attackers…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day
Executive Summary: EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
Malicious .NET files conceal RATs in bitmap images
First seen on scworld.com Jump to article: www.scworld.com/news/malicious-net-files-conceal-rats-in-bitmap-images
-
Popular npm package compromised with RAT in supply chain attack
First seen on scworld.com Jump to article: www.scworld.com/brief/popular-npm-package-compromised-with-rat-in-supply-chain-attack
-
RAT-laced PyPI package sets sights on Discord developers
First seen on scworld.com Jump to article: www.scworld.com/brief/rat-laced-pypi-package-sets-sights-on-discord-developers
-
ScreenConnect RAT deployed using bogus Social Security emails
First seen on scworld.com Jump to article: www.scworld.com/brief/screenconnect-rat-deployed-using-bogus-social-security-emails

