Tag: rat
-
GrayAlpha Hackers Group Exploits Browser Updates to Deploy PowerNet Loader and NetSupport RAT
Tags: attack, cyber, cybercrime, exploit, finance, group, hacker, infrastructure, malware, powershell, rat, threat, updateA new infrastructure linked to GrayAlpha, a cybercriminal entity overlapping with the notorious FIN7 group, has been exposed. This financially motivated threat actor, active since at least 2013, is known for its sophisticated attacks targeting retail, hospitality, and financial sectors. Custom Malware Uncovered The latest findings reveal GrayAlpha’s use of custom malware, including a PowerShell…
-
Windows Defender Bypass Using PowerShell and Registry Edits in CyberEYE RAT
A newly discovered remote access trojan (RAT) named CyberEye is making waves in the cybersecurity community for its sophisticated capabilities and its reliance on Telegram, the popular messaging platform, as its command-and-control (C2) infrastructure. First detected in the wild in May 2025, CyberEye is distributed under various names, including TelegramRAT, and is rapidly gaining traction among cybercriminals…
-
Threat Actors Using Bat Files to Deploy Quasar RAT
Remote Access Trojans (RATs)like Quasar have been a persistent threat for years, enabling attackers to control infected systems remotely. Recent SANS research has uncovered a new and particularly stealthy Quasar campaign, characterized by strong obfuscation and an innovative anti-sandbox technique. The infection begins with a batch (.bat) script attached to a seemingly harmless document. When…
-
Mirai botnet weaponizes PoC to exploit Wazuh open-source XDR flaw
Two Mirai variants integrate the exploit: The first botnet exploiting CVE-2025-24016 was detected by Akamai in March and used a proof-of-concept (PoC) exploit that was published for the vulnerability in late February. That exploit targets the /security/user/authenticate/run_as API endpoint.The second botnet was detected in early May and targeted the /Wazuh endpoint, but the exploit payload…
-
Windows system takeovers enabled by new DuplexSpy RAT
First seen on scworld.com Jump to article: www.scworld.com/brief/windows-system-takeovers-enabled-by-new-duplexspy-rat
-
Complex npm attack uses 7-plus layers of obfuscation to spread Pulsar RAT
First seen on scworld.com Jump to article: www.scworld.com/news/complex-npm-attack-uses-7-plus-layers-of-obfuscation-to-spread-pulsar-rat
-
New DuplexSpy RAT Gives Attackers Full Control Over Windows Machines
A new Remote Access Trojan (RAT) named DuplexSpy has surfaced, posing a significant threat to Windows-based systems worldwide. Developed in C# by GitHub user ISSAC/iss4cf0ng and released publicly on April 15, 2025, with a stated intent of >>educational purposes,
-
Hundreds of Malicious GitHub Repos Targeting Novice Cybercriminals Traced to Single User
Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated with the email address ischhfd83[at]rambler[.]ru. Initially sparked by a customer inquiry into the Sakura RAT, a supposed open-source malware touted for its >>sophisticated anti-detection capabilities,
-
New versions of Chaos RAT target Windows and Linux systems
Acronis researchers reported that new Chaos RAT variants were employed in 2025 attacks against Linux and Windows systems. Acronis TRU researchers discovered new Chaos RAT variants targeting Linux and Windows in recent attacks. Originally seen in 2022, Chaos RAT evolved in 2024, with fresh samples emerging in 2025. TRU also discovered a critical flaw in…
-
Open-source Chaos RAT used in recent attacks targeting Linux
First seen on scworld.com Jump to article: www.scworld.com/news/open-source-chaos-rat-used-in-recent-attacks-targeting-linux
-
New Chaos RAT Targets Linux and Windows Users to Steal Sensitive Data
A new wave of cyber threats has emerged with the discovery of updated variants of Chaos RAT, a notorious open-source remote administration tool (RAT) first identified in 2022. As reported by Acronis TRU researchers in their recent 2025 analysis, this malware continues to evolve, targeting both Linux and Windows environments with sophisticated capabilities for espionage…
-
ClickFix Email Scam Alert: Fake Booking.com Emails Deliver Malware
Cofense Intelligence uncovers a surge in ClickFix email scams impersonating Booking.com, delivering RATs and info-stealers. Learn how these… First seen on hackread.com Jump to article: hackread.com/clickfix-email-scam-fake-booking-com-emails-malware/
-
NetSupport RAT spread via bogus Gitcode, DocuSign sites
Tags: ratFirst seen on scworld.com Jump to article: www.scworld.com/brief/netsupport-rat-spread-via-bogus-gitcode-docusign-sites
-
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems.According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments.”Chaos RAT is…
-
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware.The DomainTools Investigations (DTI) team said it identified “malicious multi-stage downloader Powershell scripts” hosted on lure websites that masquerade as Gitcode and DocuSign.” First…
-
Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware
Malware campaign used fake DocuSign pages to deploy NetSupport RAT through clipboard manipulation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-docusign-pages-deliver-rat/
-
Interlock Ransomware Deploys New NodeSnake RAT in UK Attacks
Quorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government. First seen on hackread.com Jump to article: hackread.com/interlock-ransomware-new-nodesnake-rat-in-uk-attacks/
-
PureHVNC RAT distributed via job lures in new phishing attack
First seen on scworld.com Jump to article: www.scworld.com/brief/purehvnc-rat-distributed-via-job-lures-in-new-phishing-attack
-
Corrupted headers conceal novel Windows RAT
First seen on scworld.com Jump to article: www.scworld.com/brief/corrupted-headers-conceal-novel-windows-rat
-
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab SEcurity intelligence Center (ASEC), the attackers, active since 2022, are using the notorious Gh0st RAT (Remote Access Trojan) to seize control of…
-
Novel NodeSnake RAT deployed in university-targeted Interlock ransomware intrusions
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-nodesnake-rat-deployed-in-university-targeted-interlock-ransomware-intrusions
-
PureHVNC RAT Uses Fake Job Offers and PowerShell to Evade Security Defenses
A new and highly evasive malware campaign delivering the PureHVNC Remote Access Trojan (RAT) has been identified by Netskope Threat Labs, showcasing a complex multi-layer infection chain designed to bypass modern security defenses. This campaign, active in 2024, leverages fake job offers from well-known global brands like Bershka, Fragrance Du Bois, John Hardy, and Dear…
-
Interlock Ransomware Uses NodeSnake RAT for Persistent Access to Corporate Networks
In a two UK-based universities have fallen victim to a sophisticated Remote Access Trojan (RAT) dubbed NodeSnake within the past two months. According to analysis by Quorum Cyber’s Threat Intelligence (QCTI) team Report, this malware, likely deployed by the ransomware group Interlock, showcases advanced capabilities for persistent access and network infiltration. Emerging Threat Targets Higher…
-
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet.The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable.While the DOS header makes the executable file…
-
Malware Analysis Reveals Sophisticated RAT With Corrupted Headers
Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rat-corrupted-headers/
-
Interlock ransomware gang deploys new NodeSnake RAT on universities
The Interlock ransomware gang is deploying a previously undocumented remote access trojan (RAT) named NodeSnake against educational institutes for persistent access to corporate networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interlock-ransomware-gang-deploys-new-nodesnake-rat-on-universities/
-
Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (“bitdefender-download[.]com”) spoofing Bitdefender’s Antivirus for Windows download page to trick visitors into downloading a remote access trojan called Venom RAT. >>A malicious campaign…
-
New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. First seen on hackread.com Jump to article: hackread.com/new-phishing-campaign-dbatloader-drop-remcos-rat/
-
Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets
Tags: access, antivirus, credentials, crypto, cybercrime, cybersecurity, finance, malicious, rat, softwareCybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT.The campaign indicates a “clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems,” the…
-
Silver RAT Malware Employs New Anti-Virus Bypass Techniques to Execute Malicious Activities
A newly identified strain of malware, dubbed Silver RAT, has emerged as a significant threat to cybersecurity, leveraging sophisticated anti-virus bypass techniques to infiltrate and compromise Windows-based systems. This remote access trojan (RAT), believed to be crafted by a highly skilled threat actor or group, demonstrates an alarming ability to evade detection by traditional security…