Tag: rat

Oblivion RAT Masquerades as Play Store Update to Spy on Android Users

Mar 23, 2026 11:47 AM

Tags: access, android, cyber, cybercrime, malware, mobile, rat, service, spy, threat, update

A newly discovered Android remote access trojan (RAT) called Oblivion RAT is raising concerns across the mobile threat landscape. Marketed as a malware-as-a-service (MaaS) platform, it is sold on cybercrime forums with subscription plans starting at $300 per month. Unlike typical mobile malware, Oblivion RAT comes with a web-based APK builder, a dropper generator, and…
Open VSX Extension Delivers RAT and Stealer via GitHub Downloader

Mar 19, 2026 10:10 AM

Tags: access, cyber, github, malicious, rat

An Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on open-vsx.org and tracked at over 26,000 downloads as of March 17, 2026, contained multiple malicious releases that executed a GitHub-hosted downloader and fetched a second-stage payload from…
ClickFix treibt neue Infostealer-Kampagnen an

Mar 18, 2026 11:11 AM

Tags: api, captcha, control, cyberattack, encryption, exploit, framework, github, infrastructure, intelligence, lazarus, login, malware, microsoft, powershell, rat, social-engineering, threat, windows, wordpress

ClickFix-Kampagnen werden immer raffinierter und zielen verstärkt auf WordPress-Webseiten.Cyberkriminelle kombinieren kompromittierte Websites mit immer raffinierteren Social-Engineering-Köder-Methoden, um neue Infostealer-Malware zu verbreiten. Bekannt ist das Ganze unter dem Namen ClickFix und zudem effektiv: In einer einzigen Kampagne wurden über 250 WordPress-Websites in zwölf Ländern infiziert.Während diese Kampagne zu unauffälligen, im Arbeitsspeicher ausgeführten Schadprogrammen führt, beobachtete Microsoft…
Judicial Targets Hit by COVERT RAT via Court Docs and GitHub Payloads

Mar 18, 2026 7:10 AM

Tags: access, cyber, github, powershell, rat, windows

Attackers are abusing fake court documents and GitHub”‘hosted payloads in a focused spear”‘phishing campaign that deploys a stealthy Rust”‘based COVERT RAT against Argentina’s judicial sector. This operation chains Windows LNK shortcuts, BAT loaders, and PowerShell to quietly fetch and execute a masqueraded payload, msedge_proxy.exe, from GitHub infrastructure. The operation, tracked as “Operation Covert Access,” uses…
Malicious NPM Packages Spread PylangGhost RAT in Supply Chain Attack

Mar 17, 2026 8:10 AM

Tags: access, attack, cyber, linux, macOS, malicious, rat, software, supply-chain, windows

Malicious npm packages are delivering the North Koreanlinked PylangGhost remote access trojan (RAT) in a new software supply chain campaign that targets developers across Windows, Linux, and macOS systems. The first malicious versions appeared in late February 2026 (@jaime9008/math-service 1.0.11.0.2), followed by react-refresh-update 1.0.11.0.4 published on March 1, 2026. Earlier 1.0.0 versions in both families were benign, a…
New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection

Mar 16, 2026 1:10 PM

Tags: attack, detection, exploit, flaw, rat, spy, tool, windows

New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims. First seen on hackread.com Jump to article: hackread.com/xworm-7-1-remcos-rat-windows-tools-evade-detection/
Fake FileZilla Downloads Spread RAT via Stealthy Multi-Stage Loader

Mar 16, 2026 11:09 AM

Tags: access, cyber, rat, risk

Fake FileZilla downloads are being used to deliver a stealthy Remote Access Trojan (RAT) through a multi”‘stage loader, putting careless downloaders at high risk of compromise.”‹ Attackers have set up a fake website that closely copies the look and layout of the legitimate FileZilla download page, including logos, buttons, and version information. Unsuspecting users who…
Fileless Remcos RAT Attack Uses JavaScript and PowerShell to Slip Past Detection

Mar 13, 2026 7:09 AM

Tags: attack, cyber, defense, detection, malware, powershell, rat, windows

A recent Remcos RAT campaign showcases how commodity malware has fully embraced fileless, multi”‘stage execution to bypass traditional defenses and remain stealthy on compromised Windows systems. Instead of dropping a static executable to disk, the operators rely on JavaScript, PowerShell, and a managed .NET injector to execute Remcos entirely in memory, dramatically reducing forensic artifacts…
Sophisticated Surveillance RAT Marketed for Global Buyers

Mar 12, 2026 11:10 PM

Tags: access, android, crypto, cyber, cybercrime, hacking, rat

‘Cyber Android RAT’ Can Capture WhatsApp History, Crypto Seed Phrases. Cybercriminals are advertising on criminal hacking online boards an Android remote access Trojan that can steal victims’ WhatsApp conversation history, surveil them in real time and extract cryptocurrency seed phrases for the low price of about $500 a month. First seen on govinfosecurity.com Jump to…
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Mar 12, 2026 11:10 AM

Tags: android, banking, crypto, cybersecurity, data, finance, malware, rat, tool

Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud.The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT.PixRevolution, according to First seen on thehackernews.com Jump to…
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Mar 12, 2026 11:10 AM

Tags: android, banking, crypto, cybersecurity, data, finance, malware, rat, tool

Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud.The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT.PixRevolution, according to First seen on thehackernews.com Jump to…
BeatBanker Trojan Spreads via Phishing, Deploys Crypto Miner and RAT on Targeted Devices

Mar 11, 2026 9:48 AM

Tags: android, banking, crypto, cyber, fraud, google, malware, phishing, rat

BeatBanker is a new Android malware campaign targeting users in Brazil, combining banking fraud, crypto”‘mining, and, in its latest wave, full device takeover via a RAT. It spreads almost entirely through phishing pages that mimic the Google Play Store and trick victims into installing weaponized APKs disguised as legitimate apps and updates. The operation starts…
Devs looking for OpenClaw get served a GhostClaw RAT

Mar 10, 2026 1:47 PM

Tags: access, apple, credentials, crypto, data, detection, email, malware, password, rat, service, theft, tool

From password theft to persistence: The second stage malware, internally referred to as “GhostLoader,” is a large JavaScript bundle implementing both an infostealer and a remote access framework. Once launched, GhostLoader installs itself into a hidden directory disguised as an npm telemetry service and sets up persistence mechanisms which include shell configuration hooks that automatically…
GhostClaw Masquerades as OpenClaw in Bid to Plunder Developer Data

Mar 10, 2026 7:47 AM

Tags: ai, cloud, credentials, cyber, data, malicious, rat, social-engineering, threat

A malicious npm package, @openclaw-ai/openclawai, that impersonates the legitimate OpenClaw CLI while quietly deploying a full-featured infostealer and RAT against developers’ machines. Internally branded “GhostLoader,” this threat combines polished social engineering, encrypted payload delivery, and long”‘term persistence to exfiltrate almost every valuable secret a developer holds from SSH keys and cloud credentials to AI agent […]…
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Mar 9, 2026 8:48 PM

Tags: access, credentials, cybersecurity, data, macOS, malicious, rat

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The library…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87

Mar 8, 2026 3:47 PM

Tags: credentials, google, international, malicious, malware, rat, reverse-engineering

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is no longer a human problem! StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer Inside a fake Google security check that becomes a browser RAT SloppyLemming…
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Mar 6, 2026 4:48 PM

Tags: access, attack, cybersecurity, malware, rat, threat

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT.The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research.At a high level, the obfuscated batch script is used to…
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Mar 4, 2026 11:46 AM

Tags: access, cybersecurity, linux, macOS, malicious, rat, windows

Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Mar 4, 2026 11:46 AM

Tags: access, cybersecurity, linux, macOS, malicious, rat, windows

Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
Malicious Laravel Packages Deploy PHP RAT, Grant Remote Access to Attackers

Mar 4, 2026 6:47 AM

Tags: access, control, cyber, malicious, malware, rat

Malicious Packagist packages masquerading as Laravel helper utilities are delivering an obfuscated PHP remote access trojan (RAT) that grants full remote control over compromised hosts. Two of these, nhattuanbl/lara-helper and nhattuanbl/simple-queue, embed a byte”‘for”‘byte identical RAT payload in src/helper.php. A third package, nhattuanbl/lara-swagger, appears benign but hard”‘depends on lara-helper, ensuring the malware is installed transitively whenever developers require the swagger utility.…
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT

Mar 3, 2026 3:47 PM

Tags: access, backdoor, cyber, data-breach, espionage, group, india, rat, rust, tool

SloppyLemming, an India-linked espionage group also known as Outrider Tiger and Fishing Elephant, has run a year-long cyber campaign against high”‘value targets in Pakistan and Bangladesh using a new BurrowShell backdoor and a Rust-based remote access tool (RAT). This activity builds directly on earlier operations exposed by Cloudflare’s CloudForce One in 2024. However, it shows…
Dust Specter APT Targets Government Officials in Iraq

Mar 2, 2026 5:47 PM

Tags: access, ai, api, apt, attack, backdoor, browser, chrome, cisco, cloud, control, data, detection, encryption, google, government, group, infrastructure, iran, iraq, malicious, malware, monitoring, network, open-source, password, powershell, rat, service, social-engineering, software, threat, tool, update, windows

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Due to significant overlap in tools, techniques, and procedures (TTPs), as well as victimology, between this campaign and activity associated with Iran-nexus APT groups, ThreatLabz assesses with medium-to-high confidence that an…
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

Mar 2, 2026 11:47 AM

Tags: control, cybersecurity, hacker, malicious, north-korea, rat, threat, tool

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry.The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop…
Hacker erpressen weniger Lösegeld

Mar 2, 2026 10:47 AM

Tags: computer, cyberattack, hacker, ransomware, rat, risk

immer mehr betroffene Unternehmen und Organisationen folgen dem Rat, kein Lösegeld zu zahlen.Laut einem neuen Bericht des Analyseunternehmens Chainalysis konnten Hacker im Jahr 2025 im Zusammenhang mit Ransomware-Angriffen insgesamt 820 Millionen Dollar erbeuten.Auch wenn die Summe hoch ist, im Vergleich zum Vorjahr ist sie damit um 28 Prozent gesunken. Zudem ist zu berücksichtigen, dass die…
Microsoft warns of RAT delivered through trojanized gaming utilities

Feb 28, 2026 10:37 AM

Tags: access, microsoft, powershell, rat, threat, tool

Attackers spread trojanized gaming tools to deliver a stealthy RAT using PowerShell, LOLBins, and Defender evasion tactics. Threat actors are tricking users into running trojanized gaming utilities shared through browsers and chat platforms to deploy a remote access trojan. >>Microsoft Defender researchers uncovered a campaign that lured users into running trojanized gaming utilities (Xeno.exe or…
Double whammy: Steaelite RAT bundles data theft, ransomware in one evil tool

Feb 28, 2026 12:36 AM

Tags: credentials, crypto, data, ransomware, rat, theft, tool

Credential and cryptocurrency theft, live surveillance, ransomware – an attacker’s Swiss Army knife First seen on theregister.com Jump to article: www.theregister.com/2026/02/27/double_extortion_whammy_steaelite_rat/
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Feb 27, 2026 12:37 PM

Tags: access, intelligence, malicious, microsoft, powershell, rat, threat, tool

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT).”A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar,” the Microsoft Threat Intelligence team said in a post on X. “This…
Microsoft Defender Discovers Trojanized Gaming Utility Campaign Stealing Data with RATs

Feb 27, 2026 7:37 AM

Tags: access, cyber, data, malicious, malware, microsoft, rat, theft, tool

Microsoft Defender researchers have uncovered a new campaign that abuses trojanized gaming utilities to deliver multi”‘stage malware with remote access, data theft, and payload delivery capabilities. Attackers are masquerading as popular tools such as Xeno.exe and RobloxPlayerBeta.exe, tricking gamers into launching the malicious chain via downloads shared through web browsers and chat platforms. Once a…
New $300 Android RAT Boasts Automated Permission Bypass and Hidden Remote Control

Feb 26, 2026 11:36 AM

Tags: access, android, control, cyber, malware, rat, threat

Every so often, a new piece of malware emerges that truly shifts the threat landscape. Oblivion, a newly discovered Android Remote Access Trojan (RAT), appears to be one such moment. Unlike recycled or buggy Remote Access Trojan (RATs) seen across underground markets, Oblivion is promoted as a ground”‘up build, tested for months before public release. The…
Steaelite RAT Drives Surge in Double Extortion Attacks on Enterprises

Feb 26, 2026 7:37 AM

Tags: access, attack, cyber, cybercrime, extortion, malware, network, rat, strategy

A newly surfaced Remote Access Trojan (RAT) named Stealer is rapidly gaining traction across cybercrime networks, fueling a fresh wave of double-extortion incidents against enterprise targets. It offers features such as HVNC (Hidden Virtual Network Computing) monitoring and banking application bypass capabilities once reserved for advanced, custom-built malware teams. Steaelite’s marketing strategy mirrors that of commercial malware projects. The developer has actively…