Tag: rat
-
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-pypi-package-hides-rat-malware-targets-discord-devs-since-2022/
-
Fake SSA Emails Trick Users into Installing ScreenConnect RAT
Cybercriminals are using fake Social Security Administration emails to distribute the ScreenConnect RAT (Remote Access Trojan) and compromise… First seen on hackread.com Jump to article: hackread.com/fake-ssa-emails-trick-users-installing-screenconnect-rat/
-
RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals
The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu, has been targeting UK companies in the retail, hospitality, and critical national infrastructure (CNI) sectors in a recently discovered cyber espionage and profit-driven operation called “Operation Deceptive Prospect.”
-
Experts shared update C2 domains and other artifacts related to recent MintsLoader attacks
MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated scripts, evading detection with sandbox/VM checks, and using DGA and HTTP C2. MintsLoader is a malware loader that was first spotted in 2024, the loader has…
-
Nebulous Mantis hackers have Deployed the RomCom RAT globally, Targeting organizations.
Nebulous Mantis, also known as Cuba, STORM-0978, Tropical Scorpius, and UNC2596, is a Russian-speaking cyber espionage group that has been actively deploying the RomCom remote access trojan (RAT) in targeted campaigns since mid-2019. The group primarily focuses on critical infrastructure, government agencies, political leaders, and organizations related to NATO. Their operations are characterized by the…
-
Russia-linked group Nebulous Mantis targets NATO-related defense organizations
Tags: apt, cyber, data, defense, espionage, government, group, infrastructure, phishing, rat, russia, spear-phishing
PRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations. Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities. Since mid-2022, they’ve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft.…
-
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
Tags: access, attack, communications, control, cyber, cybersecurity, espionage, group, infrastructure, malware, rat, russia, tactics
Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022. RomCom “employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure leveraging First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
-
Python-Based Discord RAT Enables Remote Control and Disruption Through a Simple Interface
A newly analyzed Python-based Remote Access Trojan (RAT) has emerged as a significant cybersecurity threat, utilizing Discord as its command-and-control (C2) platform. Disguised as a benign script, this malware transforms the popular communication tool into a hub for malicious operations, allowing attackers to remotely control infected systems with alarming ease. By exploiting Discord’s encrypted traffic…
-
Chinese hackers target Russian govt with upgraded RAT malware
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/
-
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. “Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution,” Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign. The First…
-
IronHusky APT Resurfaces with Evolved MysterySnail RAT
In a newly released report, Kaspersky’s Global Research and Analysis Team (GReAT) has revealed the resurgence of IronHusky, First seen on securityonline.info Jump to article: securityonline.info/ironhusky-apt-resurfaces-with-evolved-mysterysnail-rat/
-
New ResolverRAT Malware Targets Healthcare Sector
The new remote access trojan ResolverRAT exploits DLL side-loading issues. Researchers at Morphisec have discovered a new remote access trojan (RAT) named ResolverRAT that is distributed via phishing emails with malicious attachments. As lures, the attackers use terms such as copyright infringement, various legal violations, and ongoing investigations. The emails are written in several languages, including English, Hindi,…
-
UNC5174: Chinese Threat Actor Deploys New VShell RAT in Campaign
The Sysdig Threat Research Team (TRT) has uncovered a new campaign by the Chinese state-sponsored threat actor UNC5174, First seen on securityonline.info Jump to article: securityonline.info/unc5174-chinese-threat-actor-deploys-new-vshell-rat-in-campaign/
-
New ResolverRAT malware targets healthcare and pharma orgs worldwide
Tags: authentication, control, data, encryption, group, healthcare, infrastructure, malware, monitoring, network, organized, rat, strategy, threat, tool
Persistence and stealthy C2 communication: The new RAT employs multiple persistence strategies, including more than 20 obfuscated registry entries and files dropped in multiple folders on disk. The malware keeps a record of which persistence techniques were successful to use them as a fallback mechanism. Communication with the command-and-control (C2) server uses TLS encryption with a…
-
Chinese Hackers Deploy Stealthy Fileless VShell RAT
Malware Hides in Memory, Evades Detection by Endpoint Tools. A Chinese state-backed hacking group tracked as UNC5174 relaunched its operations after a year of silence with a campaign using a memory-only remote access Trojan that evades traditional detection mechanisms, according to new research from cybersecurity firm Sysdig. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hackers-deploy-stealthy-fileless-vshell-rat-a-28012
-
A New ‘It RAT’: Stealthy ‘Resolver’ Malware Burrows In
A new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it’s downright difficult to count them all. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/it-rat-stealthy-resolver-malware
-
Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an…
-
Scattered Spider persists with use of Spectre RAT, new phishing kit
First seen on scworld.com Jump to article: www.scworld.com/news/scattered-spider-persists-with-use-of-spectre-rat-new-phishing-kit
-
Blackhat: How Realistic Is Michael Mann's New Film?
The hacker film Blackhat definitely uses cybersecurity language with real terms such as malware, proxy, server, zero day, payload, RAT, edge router, IP address, PLC, Bluetooth, Android, PGP, bulletproof host, and USB, to name just a few. But how realistic is the film's story really? First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/01/30/blackhat-wie-realistisch-ist-der-neue-film-von-michael-mann/
-
G20 Summit as Bait: Gh0st RAT Attacks Tibetan Activists
It is well known that APT actors like to exploit important events to carry out targeted attacks. Attacks against Tibetan NGOs are equally notorious. For this reason, we assumed that some targeted threats would be seen in the run-up to the G20 summit. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2014/11/17/g20-gipfel-als-koder-gh0st-rat-greift-tibetische-aktivisten/
-
Neptune RAT spreads across GitHub, Telegram, and YouTube
First seen on scworld.com Jump to article: www.scworld.com/news/neptune-rat-spreads-across-github-telegram-and-youtube
-
Novel Neptune RAT variant sets sights on Windows
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-neptune-rat-variant-sets-sights-on-windows
-
Dangerous, Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube
The malware’s creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/windows-hijacking-neptune-rat-telegram-youtube
-
Scattered Spider stops the Rickrolls, starts the RAT race
Tags: rat
Despite arrests, eight-legged menace targeted more victims this year. First seen on theregister.com Jump to article: www.theregister.com/2025/04/08/scattered_spider_updates/
-
Neptune RAT Variant Spreads via YouTube to Steal Windows Passwords
A new Neptune RAT variant is being shared via YouTube and Telegram, targeting Windows users to steal passwords and deliver additional malware components. First seen on hackread.com Jump to article: hackread.com/neptune-rat-variant-youtube-steal-windows-passwords/
-
NEPTUNE RAT Targets Windows Users, Steals Passwords from 270+ Applications
A recent cyber threat named Neptune RAT has emerged as a rising concern for Windows users, targeting sensitive data and exhibiting advanced malicious capabilities. CYFIRMA researchers have identified the latest version of this Remote Access Trojan (RAT), revealing alarming details about its distribution, functionality, and impact on compromised systems. Technical Overview of Neptune RAT Neptune…
-
Hackers Selling SnowDog RAT Malware With Remote Control Capabilities Online
A sophisticated remote access trojan (RAT) dubbed SnowDog has surfaced on underground cybercrime forums, prompting alarms among cybersecurity experts. Advertised as a tool for “corporate espionage and advanced intrusions,” the malware is being sold by an unidentified threat actor with claims of stealth, evasion, and remote control capabilities. The SnowDog RAT: Features and Risks The seller claims…
-
Ongoing Gamaredon phishing campaign targets Ukraine with Remcos RAT
First seen on scworld.com Jump to article: www.scworld.com/brief/ongoing-gamaredon-phishing-campaign-targets-ukraine-with-remcos-rat

