Tag: rat
-
UNC5174: Chinese Threat Actor Deploys New VShell RAT in Campaign
The Sysdig Threat Research Team (TRT) has uncovered a new campaign by the Chinese state-sponsored threat actor UNC5174, First seen on securityonline.info Jump to article: securityonline.info/unc5174-chinese-threat-actor-deploys-new-vshell-rat-in-campaign/
-
New ResolverRAT malware targets healthcare and pharma orgs worldwide
Tags: authentication, control, data, encryption, group, healthcare, infrastructure, malware, monitoring, network, organized, rat, strategy, threat, tool
Persistence and stealthy C2 communication: The new RAT employs multiple persistence strategies, including more than 20 obfuscated registry entries and files dropped in multiple folders on disk. The malware keeps a record of which persistence techniques were successful to use them as a fallback mechanism. Communication with the command-and-control (C2) server uses TLS encryption with a…
-
Chinese Hackers Deploy Stealthy Fileless VShell RAT
Malware Hides in Memory, Evades Detection by Endpoint Tools. A Chinese state-backed hacking group tracked as UNC5174 relaunched its operations after a year of silence with a campaign using a memory-only remote access Trojan that evades traditional detection mechanisms, according to new research from cybersecurity firm Sysdig. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hackers-deploy-stealthy-fileless-vshell-rat-a-28012
-
A New ‘It RAT’: Stealthy ‘Resolver’ Malware Burrows In
A new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it’s downright difficult to count them all. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/it-rat-stealthy-resolver-malware
-
Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an…
-
Scattered Spider persists with use of Spectre RAT, new phishing kit
First seen on scworld.com Jump to article: www.scworld.com/news/scattered-spider-persists-with-use-of-spectre-rat-new-phishing-kit
-
Blackhat: How Realistic Is Michael Mann's New Film?
The hacker film Blackhat definitely uses cybersecurity language with real terms such as malware, proxy, server, zero day, payload, RAT, edge router, IP address, PLC, Bluetooth, Android, PGP, bulletproof host and USB, to name just a few. But how realistic is the film's story really? First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/01/30/blackhat-wie-realistisch-ist-der-neue-film-von-michael-mann/
-
G20 Summit as Bait: Gh0st RAT Attacks Tibetan Activists
It is well known that APT actors like to exploit important events to carry out targeted attacks. Attacks against Tibetan NGOs are equally notorious. For this reason, we expected to see some targeted threats in the run-up to the G20 summit. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2014/11/17/g20-gipfel-als-koder-gh0st-rat-greift-tibetische-aktivisten/
-
Neptune RAT spreads across GitHub, Telegram, and YouTube
First seen on scworld.com Jump to article: www.scworld.com/news/neptune-rat-spreads-across-github-telegram-and-youtube
-
Novel Neptune RAT variant sets sights on Windows
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-neptune-rat-variant-sets-sights-on-windows
-
Dangerous, Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube
The malware’s creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/windows-hijacking-neptune-rat-telegram-youtube
-
Scattered Spider stops the Rickrolls, starts the RAT race
Tags: rat
Despite arrests, eight-legged menace targeted more victims this year. First seen on theregister.com Jump to article: www.theregister.com/2025/04/08/scattered_spider_updates/
-
Neptune RAT Variant Spreads via YouTube to Steal Windows Passwords
A new Neptune RAT variant is being shared via YouTube and Telegram, targeting Windows users to steal passwords and deliver additional malware components. First seen on hackread.com Jump to article: hackread.com/neptune-rat-variant-youtube-steal-windows-passwords/
-
NEPTUNE RAT Targets Windows Users, Steals Passwords from 270+ Applications
A recent cyber threat named Neptune RAT has emerged as a rising concern for Windows users, targeting sensitive data and exhibiting advanced malicious capabilities. CYFIRMA researchers have identified the latest version of this Remote Access Trojan (RAT), revealing alarming details about its distribution, functionality, and impact on compromised systems. Technical Overview of Neptune RAT Neptune…
-
Hackers Selling SnowDog RAT Malware With Remote Control Capabilities Online
A sophisticated remote access trojan (RAT) dubbed SnowDog has surfaced on underground cybercrime forums, prompting alarms among cybersecurity experts. Advertised as a tool for “corporate espionage and advanced intrusions,” the malware is being sold by an unidentified threat actor with claims of stealth, evasion, and remote control capabilities. The SnowDog RAT: Features and Risks The seller claims…
-
Ongoing Gamaredon phishing campaign targets Ukraine with Remcos RAT
First seen on scworld.com Jump to article: www.scworld.com/brief/ongoing-gamaredon-phishing-campaign-targets-ukraine-with-remcos-rat
-
Triton RAT Uses Telegram for Remote System Access and Control
Cado Security Labs has uncovered a new Python-based Remote Access Tool (RAT) named Triton RAT, which leverages Telegram for remote system access and data exfiltration. This open-source malware, available on GitHub, is designed to execute a wide range of malicious activities, including credential theft, system control, and persistence establishment. Technical Overview Triton RAT initiates its…
-
Konni RAT Exploit Windows Explorer Limitations To Launches a Multi-Stage Attack Steal Data
Konni RAT, a highly advanced Remote Access Trojan (RAT), has emerged as a significant cybersecurity threat, leveraging Windows Explorer limitations to execute multi-stage attacks. This malware employs a combination of batch files, PowerShell scripts, and VBScript to infiltrate systems, exfiltrate sensitive data, and maintain persistence. Its ability to evade detection through obfuscation and stealth makes…
-
Russia-linked Gamaredon targets Ukraine with Remcos RAT
Tags: apt, attack, cyberespionage, group, phishing, powershell, rat, russia, spear-phishing, ukraine
Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
-
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. “The file names use Russian words related to the movement of troops in Ukraine as a lure,” Cisco Talos researcher Guilherme Venere said in a report published last week. “The PowerShell downloader contacts geo-fenced…
-
New Python-Based Discord RAT Targets Users to Steal Login Credentials
A recently identified Remote Access Trojan (RAT) has raised alarms within the cybersecurity community due to its innovative use of Discord’s API as a Command and Control (C2) server. This Python-based malware exploits Discord’s extensive user base to execute commands, steal sensitive information, and manipulate both local machines and Discord servers. Bot Initialization and Functionality…
-
Ukrainian defense sector hit with Dark Crystal RAT
First seen on scworld.com Jump to article: www.scworld.com/brief/ukrainian-defense-sector-hit-with-dark-crystal-rat
-
Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT
Attackers are exploiting user familiarity with CAPTCHAs to distribute the Lumma Stealer RAT via malicious PowerShell commands, according to HP First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-fake-captchas-lumma/
-
CERT-UA Warns of Escalating Cyberattacks Targeting Ukraine’s Defense Sector with DarkCrystal RAT
The Government Computer Emergency Response Team (CERT-UA) issued an important warning about a series of targeted cyberattacks aimed at employees within Ukraine’s defense-industrial complex and members of the Armed Forces. These attacks have been tracked under the iden First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-ua-warns-of-darkcrystal-rat/
-
Ukraine Defense Sector Under Attack Via Dark Crystal RAT
The UNC-200 threat group, active since last summer, has been utilizing the Signal messaging app to social engineer targets into downloading an infostealing remote access Trojan. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ukraine-defense-sector-attack-dark-crystal-rat
-
Cryptohack Roundup: $6.1M Wemix Theft
Also: OKX Temporarily Suspends Services to Prevent Funds Laundering. This week, $6.1M Wemix theft, OKX suspended services, Vermont dropped Coinbase case, new RAT-targeted crypto wallet extensions, TJ Stone got prison time, Nebraska’s new crypto ATM rule, Trezor disclosed a potential bug and British prosecutors charged a former police officer for 50 Bitcoin theft. First seen…
-
CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members. The Computer Emergency Response Team of Ukraine (CERT-UA) uncovered a new cyber espionage campaign targeting employees of defense-industrial complex enterprises and representatives of the Defense Forces of Ukraine with Dark Crystal RAT.…

