Tag: rat
-
PhantomCaptcha Spyware Targets Ukraine NGOs with Fake Cloudflare Lure to Deploy WebSocket RAT
The post PhantomCaptcha Spyware Targets Ukraine NGOs with Fake Cloudflare Lure to Deploy WebSocket RAT appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/phantomcaptcha-spyware-targets-ukraine-ngos-with-fake-cloudflare-lure-to-deploy-websocket-rat/
-
PhantomCaptcha RAT Attack Targets Aid Groups Supporting Ukraine
SentinelLABS’ research reveals PhantomCaptcha, a highly coordinated, one-day cyber operation on Oct 8, 2025, targeting the International Red Cross, UNICEF, and Ukraine government groups using fake emails and a Remote Access Trojan (RAT) linked to Russian infrastructure. First seen on hackread.com Jump to article: hackread.com/phantomcaptcha-rat-attack-targets-ukraine/
-
New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as >>Nursultan Client,
-
PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, launched on October 8th, 2025, specifically targeted individual members of the International Committee of the Red Cross, United Nations Children’s Fund (UNICEF) Ukraine…
-
PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware
A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, launched on October 8th, 2025, specifically targeted individual members of the International Committee of the Red Cross, United Nations Children’s Fund (UNICEF) Ukraine…
-
PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025
PhantomCaptcha phishing campaign hit Ukraine relief groups with a WebSocket RAT on Oct 8, 2025, targeting Red Cross, UNICEF, and others. SentinelOne researchers uncovered PhantomCaptcha, a coordinated spear-phishing campaign on October 8, 2025, targeting Ukraine war relief groups, including Red Cross, UNICEF, NRC, and local administrations. Threat actors used fake emails to deploy a WebSocket-based…
-
North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module
The post North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-waterplum-apt-deploys-node-js-ottercandy-rat-for-crypto-theft-with-anti-forensic-module/
-
Winos 4.0 hackers expand to Japan and Malaysia with new malware
Winos 4.0 hackers expand from China, Taiwan to Japan, Malaysia using fake Finance Ministry PDFs to spread HoldingHands RAT malware. Threat actors behind Winos 4.0 (ValleyRAT) have expanded their attacks from China and Taiwan to Japan and Malaysia, using PDFs disguised as documents from the Finance Ministry to deliver malware. Attackers employed another remote access…
-
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins).”The campaign relied on phishing emails with PDFs that contained embedded malicious links,” Pei Han Liao, researcher…
-
ClickFake Interview Campaign Used by Threat Actors to Deliver OtterCandy Malware
A North Korean-linked group, WaterPlum’s Cluster B, has evolved its tactics by introducing OtterCandy”, a Node.jsbased RAT and information stealer”, through the ClickFake Interview campaign, with significant enhancements observed in August 2025. This threat actor, attributed to North Korea, orchestrated two primary campaigns: Contagious Interview and ClickFake Interview. Although multiple clusters operate under the WaterPlum…
-
North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft
The post North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-famous-chollima-apt-uses-trojanized-node-js-app-to-deploy-ottercookie-rat-for-crypto-theft/
-
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More
The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive.Hackers don’t always break systems anymore, they use them. They hide inside…
-
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More
The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive.Hackers don’t always break systems anymore, they use them. They hide inside…
-
GhostBat RAT Returns with Fake RTO Apps Targeting Indian Android Users with Telegram Bot-Driven Malware
A new trend of Android malware is sweeping across India, leveraging the guise of Regional Transport Office (RTO) apps to steal financial data, mine cryptocurrency, and exfiltrate SMS messages, all while secretly registering infected devices through Telegram bots. Known as GhostBat RAT, this new malware campaign has recently resurfaced. First seen on thecyberexpress.com Jump to article:…
-
GhostBat RAT Returns with Fake RTO Apps Targeting Indian Android Users with Telegram Bot-Driven Malware
A new trend of Android malware is sweeping across India, leveraging the guise of Regional Transport Office (RTO) apps to steal financial data, mine cryptocurrency, and exfiltrate SMS messages, all while secretly registering infected devices through Telegram bots. Known as GhostBat RAT, this new malware campaign has recently resurfaced. First seen on thecyberexpress.com Jump to article:…
-
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
-
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
The GhostBat RAT campaign leverages diverse infection vectors”, WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites”, to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse”engineering. The threat actors utilize native libraries (.so) to dynamically resolve API…
-
From infostealer to full RAT: dissecting the PureRAT attack chain
Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor, loaders, evasions, and TLS-pinned C2. Join Huntress Labs’ Tradecraft Tuesday for deep technical walkthroughs and live IOC guidance on the latest cybersecurity topics. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/from-infostealer-to-full-rat-dissecting-the-purerat-attack-chain/
-
Your Shipment Notification is Now a Malware Dropper
Forcepoint X-Labs reports a surge in sophisticated email attacks using obfuscated JavaScript and steganography to deliver dangerous RATs and info-stealers like Formbook and Agent Tesla. Learn how to defend against the threat. First seen on hackread.com Jump to article: hackread.com/your-shipment-notification-malware-dropper/
-
How your mouse could eavesdrop on you and rat you out
Mic-E-Mouse can roar by literally vibe hacking speech First seen on theregister.com Jump to article: www.theregister.com/2025/10/07/mouse_microphone_security/
-
How your mouse could eavesdrop on you and rat you out
Mic-E-Mouse can roar by literally vibe hacking speech First seen on theregister.com Jump to article: www.theregister.com/2025/10/07/mouse_microphone_security/
-
Polymorphic Python Malware That Mutates Every Time It Runs
A newly spotted Python remote access trojan (RAT) on VirusTotal employs advanced polymorphic and self-modifying techniques, allowing it to alter its code signature on every execution and evade detection. Security researchers examining VirusTotal submissions identified a suspicious Python RAT (SHA256:7173e20e7ec217f6a1591f1fc9be6d0a4496d78615cc5ccdf7b9a3a37e3ecc3c) that scored only 2/64 on VT. What sets this sample apart are three distinct function…
-
Polymorphic Python Malware That Mutates Every Time It Runs
A newly spotted Python remote access trojan (RAT) on VirusTotal employs advanced polymorphic and self-modifying techniques, allowing it to alter its code signature on every execution and evade detection. Security researchers examining VirusTotal submissions identified a suspicious Python RAT (SHA256:7173e20e7ec217f6a1591f1fc9be6d0a4496d78615cc5ccdf7b9a3a37e3ecc3c) that scored only 2/64 on VT. What sets this sample apart are three distinct function…
-
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets.The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log…
-
Open-source monitor turns into an off-the-shelf attack beacon
Tags: api, apt, attack, china, control, hacker, malware, monitoring, open-source, powershell, ransomware, rat, RedTeam, russia, software, threat, tool, windowsRiding Nezha to Ghost RAT: With the web shell in place, the attackers used AntSword to download two components: “live.exe” (the Nezha agent) and a “config.yml” that pointed to the attacker-controlled domain. The Nezha agent connected back to a management server whose dashboard was running in Russian, presumably to throw off attribution.Once Nezha was active,…
-
Nezha Tool Used in New Cyber Campaign Targeting Web Applications
A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nezha-tool-used-new-cyber-campaign/
-
Nezha Tool Used in New Cyber Campaign Targeting Web Applications
A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nezha-tool-used-new-cyber-campaign/
-
New ‘Fully Undetectable’ Android RAT Discovered on GitHub
Hosted at the repository “Huckel789/Android-RAT,” this fully undetectable (FUD) RAT is designed to evade antivirus detection permanently, maintain persistence in battery-optimized environments, and deliver a feature-rich command-and-control (C2C) experience entirely from a web interface. This Android RAT sets itself apart by eliminating the traditional requirement for a desktop or laptop in the attack chain. A…
-
New Android RAT Klopatra Targets Financial Data
New Android RAT Klopatra is targeting financial institutions using advanced evasion techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-rat-klopatra-targets/
-
Hackers Use Fake Invoices to Spread XWorm RAT via Office Files
Hackers are sending fake invoice emails with malicious Office files that install the XWorm RAT on Windows systems, allowing full remote access and data theft. Learn how the shellcode and process injection are used to steal data, and how to stay safe from this persistent threat. First seen on hackread.com Jump to article: hackread.com/hackers-fake-invoices-xworm-rat-office-files/