Tag: rat
-
ClickFix Campaign Targets Hotels, Spurs Secondary Customer Attacks
Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch a phishing attacks against customers via both email and WhatsApp. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/clickfix-targets-hotels-secondary-customer-attacks
-
ValleyRAT Campaign Targets Windows via WeChat and DingTalk
A sophisticated Windows remote-access trojan known as ValleyRAT has emerged as a high-confidence indicator of targeted intrusions against Chinese-language users and organizations. ValleyRAT’s operational model relies on a carefully orchestrated delivery chain comprising four distinct components: the downloader, loader, injector, and RAT payload. First observed in early 2023, this multi-stage malware combines advanced evasion techniques,…
-
ValleyRAT Campaign Targets Windows via WeChat and DingTalk
A sophisticated Windows remote-access trojan known as ValleyRAT has emerged as a high-confidence indicator of targeted intrusions against Chinese-language users and organizations. ValleyRAT’s operational model relies on a carefully orchestrated delivery chain comprising four distinct components: the downloader, loader, injector, and RAT payload. First observed in early 2023, this multi-stage malware combines advanced evasion techniques,…
-
EndClient RAT Leverages Compromised Code-Signing to Slip Past Antivirus
A sophisticated Remote Access Trojan (RAT) is actively targeting North Korean Human Rights Defenders (HRDs) through a campaign leveraging stolen code-signing certificates to evade antivirus detection. The newly discovered >>EndClient RAT,>StressClear.msi,
-
EndClient RAT Leverages Compromised Code-Signing to Slip Past Antivirus
A sophisticated Remote Access Trojan (RAT) is actively targeting North Korean Human Rights Defenders (HRDs) through a campaign leveraging stolen code-signing certificates to evade antivirus detection. The newly discovered >>EndClient RAT,>StressClear.msi,
-
North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT
The post North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-korean-apts-upgrade-arsenal-kimsuky-uses-stealthy-httptroy-lazarus-deploys-new-blindingcan-rat/
-
Chinese hackers target Western diplomats using hardpatch Windows shortcut flaw
Tags: access, attack, china, control, cyber, endpoint, exploit, flaw, group, hacker, intelligence, mitigation, monitoring, rat, russia, threat, ukraine, update, vulnerability, windowsMitigation: In the absence of a patch, organizations worried about .LNK attacks should consider blocking .LNK files or disabling their execution in Windows Explorer, Arctic Wolf advised.”This should be put in place across all Windows systems, prioritizing endpoints used by personnel with access to sensitive diplomatic or policy information. While this vulnerability was disclosed in…
-
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering.This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s First…
-
PureHVNC RAT Distributed via Weaponized Judicial Documents
The campaign leverages judicial document themes to distribute Hijackloader malware, which subsequently deploys PureHVNC remote access trojan (RAT)”, marking the first observed instance where this combination has been used against Spanish-speaking users in Latin America. The campaign represents a significant tactical shift for threat actors operating in the region. Hijackloader, previously documented in campaigns targeting…
-
New Atroposia RAT Surfaces on Dark Web
Atroposia is a newly discovered modular RAT that uses encrypted channels and advanced theft capabilities to target credentials and crypto wallets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-atroposia-rat-surfaces-on-dark/
-
New Atroposia RAT Uses Hidden Remote Desktop, Vulnerability Scanning and Advanced Persistence
Tags: access, credentials, cyber, cyberattack, cybercrime, malware, marketplace, network, rat, theft, vulnerabilityA sophisticated new remote access trojan called Atroposia has emerged in underground cybercrime marketplaces, offering attackers a comprehensive toolkit for hidden remote desktop access, credential theft, and network manipulation at an accessible price point. Security researchers at Varonis recently discovered the malware being promoted on underground forums, highlighting how advanced cyberattack capabilities are increasingly packaged…
-
Atroposia malware kit lowers the bar for cybercrime, and raises the stakes for enterprise defenders
Tags: apt, authentication, automation, ciso, credentials, crime, cybercrime, defense, detection, dns, endpoint, infrastructure, mail, malicious, malware, mfa, monitoring, rat, service, spam, threat, tool, update, vulnerabilityRAT toolkits proliferating: Atroposia is one of a growing number of RAT tools targeting enterprises; Varonis has also recently discovered SpamGPT and MatrixPDF, a spam-as-a-service platform and malicious PDF builder, respectively.Shipley noted that these types of packages which identify additional avenues to maintain persistence have been around for some time; Mirai, which goes back to…
-
Attackers Sell Turnkey Remote Access Trojan ‘Atroposia’
Atroposia, a new RAT malware, offers low-level cybercriminal affiliates the ability to utilize sophisticated stealth and persistence capabilities. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/attackers-sell-turnkey-remote-access-trojan-atroposia
-
Attackers Sell Turnkey Remote Access Trojan ‘Atroposia’
Atroposia, a new RAT malware, offers low-level cybercriminal affiliates the ability to utilize sophisticated stealth and persistence capabilities. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/attackers-sell-turnkey-remote-access-trojan-atroposia
-
Linux RATs on Windows: Ransomware Actors Target VMware Deployments
The Agenda ransomware group has evolved its attack methodology with a sophisticated technique that deploys Linux ransomware variants directly on Windows systems, challenging traditional endpoint security controls. The attack represents a significant tactical evolution in ransomware deployment strategies. Threat actors utilized WinSCP for secure file transfer to move Linux ransomware binaries onto Windows machines, then…
-
Linux RATs on Windows: Ransomware Actors Target VMware Deployments
The Agenda ransomware group has evolved its attack methodology with a sophisticated technique that deploys Linux ransomware variants directly on Windows systems, challenging traditional endpoint security controls. The attack represents a significant tactical evolution in ransomware deployment strategies. Threat actors utilized WinSCP for secure file transfer to move Linux ransomware binaries onto Windows machines, then…
-
PhantomCaptcha Spyware Targets Ukraine NGOs with Fake Cloudflare Lure to Deploy WebSocket RAT
The post PhantomCaptcha Spyware Targets Ukraine NGOs with Fake Cloudflare Lure to Deploy WebSocket RAT appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/phantomcaptcha-spyware-targets-ukraine-ngos-with-fake-cloudflare-lure-to-deploy-websocket-rat/
-
PhantomCaptcha RAT Attack Targets Aid Groups Supporting Ukraine
SentinelLABS’ research reveals PhantomCaptcha, a highly coordinated, one-day cyber operation on Oct 8, 2025, targeting the International Red Cross, UNICEF, and Ukraine government groups using fake emails and a Remote Access Trojan (RAT) linked to Russian infrastructure. First seen on hackread.com Jump to article: hackread.com/phantomcaptcha-rat-attack-targets-ukraine/
-
New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as >>Nursultan Client,
-
PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, launched on October 8th, 2025, specifically targeted individual members of the International Committee of the Red Cross, United Nations Children’s Fund (UNICEF) Ukraine…
-
PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, launched on October 8th, 2025, specifically targeted individual members of the International Committee of the Red Cross, United Nations Children’s Fund (UNICEF) Ukraine…
-
PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025
PhantomCaptcha phishing campaign hit Ukraine relief groups with a WebSocket RAT on Oct 8, 2025, targeting Red Cross, UNICEF, and others. SentinelOne researchers uncovered PhantomCaptcha, a coordinated spear-phishing campaign on October 8, 2025, targeting Ukraine war relief groups, including Red Cross, UNICEF, NRC, and local administrations. Threat actors used fake emails to deploy a WebSocket-based…
-
North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module
The post North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-waterplum-apt-deploys-node-js-ottercandy-rat-for-crypto-theft-with-anti-forensic-module/
-
Winos 4.0 hackers expand to Japan and Malaysia with new malware
Winos 4.0 hackers expand from China, Taiwan to Japan, Malaysia using fake Finance Ministry PDFs to spread HoldingHands RAT malware. Threat actors behind Winos 4.0 (ValleyRAT) have expanded their attacks from China and Taiwan to Japan and Malaysia, using PDFs disguised as documents from the Finance Ministry to deliver malware. Attackers employed another remote access…
-
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins).”The campaign relied on phishing emails with PDFs that contained embedded malicious links,” Pei Han Liao, researcher…
-
ClickFake Interview Campaign Used by Threat Actors to Deliver OtterCandy Malware
A North Korean-linked group, WaterPlum’s Cluster B, has evolved its tactics by introducing OtterCandy”, a Node.jsbased RAT and information stealer”, through the ClickFake Interview campaign, with significant enhancements observed in August 2025. This threat actor, attributed to North Korea, orchestrated two primary campaigns: Contagious Interview and ClickFake Interview. Although multiple clusters operate under the WaterPlum…
-
North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft
The post North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-famous-chollima-apt-uses-trojanized-node-js-app-to-deploy-ottercookie-rat-for-crypto-theft/
-
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More
The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive.Hackers don’t always break systems anymore, they use them. They hide inside…
-
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More
The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive.Hackers don’t always break systems anymore, they use them. They hide inside…