Tag: rat
-
GhostBat RAT Returns with Fake RTO Apps Targeting Indian Android Users with Telegram Bot-Driven Malware
A new trend of Android malware is sweeping across India, leveraging the guise of Regional Transport Office (RTO) apps to steal financial data, mine cryptocurrency, and exfiltrate SMS messages, all while secretly registering infected devices through Telegram bots. Known as GhostBat RAT, this new malware campaign has recently resurfaced. First seen on thecyberexpress.com Jump to article:…
-
GhostBat RAT Returns with Fake RTO Apps Targeting Indian Android Users with Telegram Bot-Driven Malware
A new trend of Android malware is sweeping across India, leveraging the guise of Regional Transport Office (RTO) apps to steal financial data, mine cryptocurrency, and exfiltrate SMS messages, all while secretly registering infected devices through Telegram bots. Known as GhostBat RAT, this new malware campaign has recently resurfaced. First seen on thecyberexpress.com Jump to article:…
-
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
-
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
-
From infostealer to full RAT: dissecting the PureRAT attack chain
Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor, loaders, evasions, and TLS-pinned C2. Join Huntress Labs’ Tradecraft Tuesday for deep technical walkthroughs and live IOC guidance on the latest cybersecurity topics. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/from-infostealer-to-full-rat-dissecting-the-purerat-attack-chain/
-
Your Shipment Notification is Now a Malware Dropper
Forcepoint X-Labs reports a surge in sophisticated email attacks using obfuscated JavaScript and steganography to deliver dangerous RATs and info-stealers like Formbook and Agent Tesla. Learn how to defend against the threat. First seen on hackread.com Jump to article: hackread.com/your-shipment-notification-malware-dropper/
-
How your mouse could eavesdrop on you and rat you out
Mic-E-Mouse can roar by literally vibe hacking speech First seen on theregister.com Jump to article: www.theregister.com/2025/10/07/mouse_microphone_security/
-
How your mouse could eavesdrop on you and rat you out
Mic-E-Mouse can roar by literally vibe hacking speech First seen on theregister.com Jump to article: www.theregister.com/2025/10/07/mouse_microphone_security/
-
Polymorphic Python Malware That Mutates Every Time It Runs
A newly spotted Python remote access trojan (RAT) on VirusTotal employs advanced polymorphic and self-modifying techniques, allowing it to alter its code signature on every execution and evade detection. Security researchers examining VirusTotal submissions identified a suspicious Python RAT (SHA256:7173e20e7ec217f6a1591f1fc9be6d0a4496d78615cc5ccdf7b9a3a37e3ecc3c) that scored only 2/64 on VT. What sets this sample apart are three distinct function…
-
Polymorphic Python Malware That Mutates Every Time It Runs
A newly spotted Python remote access trojan (RAT) on VirusTotal employs advanced polymorphic and self-modifying techniques, allowing it to alter its code signature on every execution and evade detection. Security researchers examining VirusTotal submissions identified a suspicious Python RAT (SHA256:7173e20e7ec217f6a1591f1fc9be6d0a4496d78615cc5ccdf7b9a3a37e3ecc3c) that scored only 2/64 on VT. What sets this sample apart are three distinct function…
-
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets.The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log…
-
Open-source monitor turns into an off-the-shelf attack beacon
Tags: api, apt, attack, china, control, hacker, malware, monitoring, open-source, powershell, ransomware, rat, RedTeam, russia, software, threat, tool, windowsRiding Nezha to Ghost RAT: With the web shell in place, the attackers used AntSword to download two components: “live.exe” (the Nezha agent) and a “config.yml” that pointed to the attacker-controlled domain. The Nezha agent connected back to a management server whose dashboard was running in Russian, presumably to throw off attribution.Once Nezha was active,…
-
Nezha Tool Used in New Cyber Campaign Targeting Web Applications
A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nezha-tool-used-new-cyber-campaign/
-
Nezha Tool Used in New Cyber Campaign Targeting Web Applications
A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nezha-tool-used-new-cyber-campaign/
-
New ‘Fully Undetectable’ Android RAT Discovered on GitHub
Hosted at the repository “Huckel789/Android-RAT,” this fully undetectable (FUD) RAT is designed to evade antivirus detection permanently, maintain persistence in battery-optimized environments, and deliver a feature-rich command-and-control (C2C) experience entirely from a web interface. This Android RAT sets itself apart by eliminating the traditional requirement for a desktop or laptop in the attack chain. A…
-
New Android RAT Klopatra Targets Financial Data
New Android RAT Klopatra is targeting financial institutions using advanced evasion techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-rat-klopatra-targets/
-
Hackers Use Fake Invoices to Spread XWorm RAT via Office Files
Hackers are sending fake invoice emails with malicious Office files that install the XWorm RAT on Windows systems, allowing full remote access and data theft. Learn how the shellcode and process injection are used to steal data, and how to stay safe from this persistent threat. First seen on hackread.com Jump to article: hackread.com/hackers-fake-invoices-xworm-rat-office-files/
-
Threat Actors Market Stealthy New RAT as Alternative to ScreenConnect FUD
Cybersecurity researchers have identified a concerning development in the underground cybercrime marketplace: a sophisticated Remote Access Trojan (RAT) being marketed as a fully undetectable (FUD) alternative to the legitimate ScreenConnect remote access solution. This emerging threat represents a significant escalation in the professionalization of malware-as-a-service operations, with threat actors specifically targeting the trust associated with…
-
Threat Actors Market Stealthy New RAT as Alternative to ScreenConnect FUD
Cybersecurity researchers have identified a concerning development in the underground cybercrime marketplace: a sophisticated Remote Access Trojan (RAT) being marketed as a fully undetectable (FUD) alternative to the legitimate ScreenConnect remote access solution. This emerging threat represents a significant escalation in the professionalization of malware-as-a-service operations, with threat actors specifically targeting the trust associated with…
-
Weaponized ScreenConnect App Spreads AsyncRAT and PowerShell RAT
Remote Monitoring and Management tools such as ConnectWise ScreenConnect have earned a reputation for simplifying IT administration, but they have also drawn the attention of sophisticated attackers. By abusing ScreenConnect’s trusted installation footprint and deep system privileges, adversaries are now trojanizing installers to deploy dual Remote Access Trojans (RATs)”, AsyncRAT and a custom PowerShell RAT”,…
-
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems.”SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said. “SilentSync also extracts First seen on…
-
Malicious Typosquatted PyPI Packages Spreading SilentSync RAT
On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages”, sisaws and secmeasure”, that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers. Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a serious supply-chain risk to projects that install them. SilentSync’s versatile capabilities include remote…
-
Malicious Typosquatted PyPI Packages Spreading SilentSync RAT
On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages”, sisaws and secmeasure”, that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers. Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a serious supply-chain risk to projects that install them. SilentSync’s versatile capabilities include remote…
-
Malicious PyPI Packages Deliver SilentSync RAT
IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…
-
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets.Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels.”The threat actors continue to employ…
-
PureHVNC RAT Developers Exploit GitHub to Spread Pure Malware Source Code
The developers behind the PureHVNC remote access trojan (RAT) have been uncovered using GitHub repositories to host critical components and plugin source code for their Pure malware family. Check Point Research’s recent forensic analysis of an eight-day ClickFix intrusion campaign reveals that PureHVNC’s command-and-control (C&C) server delivered GitHub URLs to infected machines, a practice previously…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 62
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter npm debug and chalk packages compromised GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe Trojanized ScreenConnect installers evolve, dropping multiple RATs on a single machine Salt…
-
Stealthy AsyncRAT flees the disk for a fileless infection
Tags: access, best-practice, control, credentials, infection, malicious, malware, monitoring, phishing, powershell, rat, theft, threat, update, windowsRAT with evasion and persistence: Once AsyncRAT was loaded, the attackers took steps to disrupt Windows defenses. The report notes techniques such as disabling Anti-malware Scan Interface (AMSI) and tampering with Event Tracking for Windows (ETW), both critical features for runtime detection. To maintain persistence, they created a scheduled task disguised as “Skype Update,” ensuring…
-
Malware Campaign Uses SVG Email Attachments to Deploy XWorm and Remcos RAT
Recent threat campaigns have revealed an evolving use of BAT-based loaders to deliver Remote Access Trojans (RATs), including XWorm and Remcos. These campaigns typically begin with a ZIP archive”, often hosted on seemingly legitimate platforms such as ImgKit”, designed to entice user interaction by mimicking benign content. Once opened, the archive unpacks a highly obfuscated…
-
Fünf KI-Use-Cases für CISOs
Tags: access, ai, business, ceo, cio, ciso, cybercrime, cybersecurity, cyersecurity, data, framework, google, incident response, mail, microsoft, phishing, rat, risk, risk-management, service, siem, soc, tool, vpn, vulnerability, vulnerability-management