Tag: rat
-
ConnectWise ScreenConnect Tops List of Abused RATs in 2025 Attacks
Cofense Intelligence’s May 2025 report exposes how cybercriminals are abusing legitimate Remote Access Tools (RATs) like ConnectWise and Splashtop to deliver malware and steal data. Learn about this growing threat. First seen on hackread.com Jump to article: hackread.com/connectwise-screenconnect-tops-abused-rats-2025/
-
RAT malware spread via bogus Kling AI ads
First seen on scworld.com Jump to article: www.scworld.com/brief/rat-malware-spread-via-bogus-kling-ai-ads
-
Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims
Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to direct users to fake websites masquerading as Kling AI with the goal of tricking victims into downloading malware.Kling AI is an artificial intelligence (AI)-powered platform to synthesize images and videos from text and image prompts. Launched in June 2024, it’s…
-
Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT
Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced Persistent Threat (APT) group, deploying intricately crafted PowerShell payloads to deliver the XWorm Remote Access Trojan (RAT). This operation showcases the group’s advanced tactics, leveraging encoded scripts and multi-stage attack chains to infiltrate systems, bypass traditional security mechanisms, and establish covert…
-
Updated Remcos RAT deployed in fileless intrusion
Tags: ratFirst seen on scworld.com Jump to article: www.scworld.com/brief/updated-remcos-rat-deployed-in-fileless-intrusion
-
Fileless PowerShell Loader Deploys Remcos RAT
Attack Chain Uses LNK Files, MSHTA and Memory Injection. PowerShell is becoming hackers’ new favorite tool since they can load code directly into computer memory and evade traditional file-based detection methods, warn security researchers. A combination of LNK-MSHTA-PowerShell offers a stealthy and effective path to execution. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/fileless-powershell-loader-deploys-remcos-rat-a-28420
-
Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT.”Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents,” Qualys security researcher Akshay Thorve said in a technical report. “The attack chain leverages…
-
Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts
A new wave of attacks uses PowerShell and LNK files to secretly install Remcos RAT, enabling full remote… First seen on hackread.com Jump to article: hackread.com/fileless-remcos-rat-attack-antivirus-powershell-scripts/
-
PowerShell-Based Loader Deploys Remcos RAT in New Fileless Attack
A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/powershell-loader-deploys-remcos/
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques.As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory.”The attackers…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-dayExecutive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
Malicious .NET files conceal RATs in bitmap images
First seen on scworld.com Jump to article: www.scworld.com/news/malicious-net-files-conceal-rats-in-bitmap-images
-
Popular npm package compromised with RAT in supply chain attack
First seen on scworld.com Jump to article: www.scworld.com/brief/popular-npm-package-compromised-with-rat-in-supply-chain-attack
-
RAT-laced PyPI package sets sights on Discord developers
First seen on scworld.com Jump to article: www.scworld.com/brief/rat-laced-pypi-package-sets-sights-on-discord-developers
-
ScreenConnect RAT deployed using bogus Social Security emails
First seen on scworld.com Jump to article: www.scworld.com/brief/screenconnect-rat-deployed-using-bogus-social-security-emails
-
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-pypi-package-hides-rat-malware-targets-discord-devs-since-2022/
-
Fake SSA Emails Trick Users into Installing ScreenConnect RAT
Cybercriminals are using fake Social Security Administration emails to distribute the ScreenConnect RAT (Remote Access Trojan) and compromise… First seen on hackread.com Jump to article: hackread.com/fake-ssa-emails-trick-users-installing-screenconnect-rat/
-
RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals
The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu, has been targeting UK companies in the retail, hospitality, and critical national infrastructure (CNI) sectors in a recently discovered cyber espionage and profit-driven operation called >>Operation Deceptive Prospect.
-
Experts shared update C2 domains and other artifacts related to recent MintsLoader attacks
MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated scripts, evading detection with sandbox/VM checks, and uses DGA and HTTP C2. MintsLoader is a malware loader that was first spotted in 2024, the loader has…
-
Nebulous Mantis hackers have Deployed the RomCom RAT globally, Targeting organizations.
Nebulous Mantis, also known as Cuba, STORM-0978, Tropical Scorpius, and UNC2596, is a Russian-speaking cyber espionage group that has been actively deploying the RomCom remote access trojan (RAT) in targeted campaigns since mid-2019. The group primarily focuses on critical infrastructure, government agencies, political leaders, and organizations related to NATO. Their operations are characterized by the…
-
Russia-linked group Nebulous Mantis targets NATO-related defense organizations
Tags: apt, cyber, data, defense, espionage, government, group, infrastructure, phishing, rat, russia, spear-phishingPRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities. Since mid-2022, they’ve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft.…
-
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
Tags: access, attack, communications, control, cyber, cybersecurity, espionage, group, infrastructure, malware, rat, russia, tacticsCybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022.RomCom “employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure leveraging First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
-
Python-Based Discord RAT Enables Remote Control and Disruption Through a Simple Interface
A newly analyzed Python-based Remote Access Trojan (RAT) has emerged as a significant cybersecurity threat, utilizing Discord as its command-and-control (C2) platform. Disguised as a benign script, this malware transforms the popular communication tool into a hub for malicious operations, allowing attackers to remotely control infected systems with alarming ease. By exploiting Discord’s encrypted traffic…
-
Chinese hackers target Russian govt with upgraded RAT malware
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/
-
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader.”Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution,” Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign.The First…
-
IronHusky APT Resurfaces with Evolved MysterySnail RAT
In a newly released report, Kaspersky’s Global Research and Analysis Team (GReAT) has revealed the resurgence of IronHusky, First seen on securityonline.info Jump to article: securityonline.info/ironhusky-apt-resurfaces-with-evolved-mysterysnail-rat/
-
Neue ResolverRAT-Malware zielt auf Gesundheitsbranche
Der neue Remote Access Trojaner ResolverRAT nutzt DLL-Side-Loading-Probleme aus.Forscher von Morphisec haben einen neuen Remote Access Trojaner (RAT) mit dem Namen ResolverRAT entdeckt, der über Phishing-E-Mails mit bösartigen Anhängen verbreitet wird. Die Angreifer nutzen dabei als Köder Begriffe wie Urheberrechtsverletzungen, verschiedene Rechtsverstöße und laufende Ermittlungen. Die E-Mails sind in mehreren Sprachen verfasst, darunter Englisch, Hindi,…
-
UNC5174: Chinese Threat Actor Deploys New VShell RAT in Campaign
The Sysdig Threat Research Team (TRT) has uncovered a new campaign by the Chinese state-sponsored threat actor UNC5174, First seen on securityonline.info Jump to article: securityonline.info/unc5174-chinese-threat-actor-deploys-new-vshell-rat-in-campaign/
-
New ResolverRAT malware targets healthcare and pharma orgs worldwide
Tags: authentication, control, data, encryption, group, healthcare, infrastructure, malware, monitoring, network, organized, rat, strategy, threat, toolPersistence and stealthy C2 communication: The new RAT employs multiple persistence strategies, including more than 20 obfuscated registry entries and files dropped in multiple folders on disk. The malware keeps a record of which persistence techniques were successful to use them as a fallback mechanism.Communication with the command-and-control (C2) server uses TLS encryption with a…
-
Chinese Hackers Deploy Stealthy Fileless VShell RAT
Malware Hides in Memory, Evades Detection by Endpoint Tools. A Chinese state-backed hacking group tracked as UNC5174 relaunched its operations after a year of silence with a campaign using a memory-only remote access Trojan that evades traditional detection mechanisms, according to new research from cybersecurity firm Sysdig. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hackers-deploy-stealthy-fileless-vshell-rat-a-28012