Skip to main content

Tag: remote access trojan

72 articles

Rows of computer servers and network equipment in a dimly lit server room with organized cables and wires.

GoSerpent Malware Evolves with Advanced Data Exfiltration Tactics

In late 2025, a new wave of malicious activity emerged, led by the evolved GoSerpent malware, which has been quietly lurking in the shadows since at least 2021. This stealthy backdoor has upgraded its data exfiltration tactics, putting organizations on high alert.

Analyst 207
Windows host computer on an office workstation with a blurred desktop screen.

LabubaRAT Exploits NVIDIA Disguise to Control Windows Hosts

Meet LabubaRAT, a sneaky threat that masquerades as NVIDIA software to take control of Windows hosts, allowing hackers to profile, capture, and manipulate sensitive data. Once deployed, it creates a hidden backdoor for further malicious activity.

Analyst 207
Modern office interior with a clean desk and laptop workstation.

Silver Fox Deploying Advanced Modular RAT via gRPC Streaming

Meet MODBEACON, a sneaky new Remote Access Trojan linked to the Silver Fox cybercrime group, capable of secretly fetching modules, executing commands, and communicating with attackers. This advanced threat uses a plugin-based architecture and encrypted gRPC streaming to stay one step ahead.

Analyst 207
Laptop screen displays Microsoft Teams call on a home office desk with a phone and headset nearby.

Microsoft Teams Abused to Deploy EtherRAT Malware via Fake IT Support Calls

Beware of fake IT support calls on Microsoft Teams - hackers are using convincing tactics, including a phishing email with a malicious PDF, to trick victims into downloading the potent EtherRAT malware. They impersonate system administrators to gain your trust, making it crucial to stay vigilant.

Analyst 207
Cluttered tech lab with scattered devices, laptops, and tools under indoor lighting.

QuimaRAT Exposes Cross-Platform Threat Capabilities

Meet QuimaRAT, a commercialized remote access trojan package that's being sold as a malware-as-a-service, threatening security across multiple platforms with its flexible subscription tiers. This Java-based tool is marketed for a surprisingly low price, ranging from $150 for a month to $1,200 for lifetime access.

Analyst 207
Cluttered workspace with laptop showing code on screen, surrounded by papers and coffee cups.

ChocoPoC Malware Targets Vulnerability Researchers via Fake PoC Repos

Beware of fake proof-of-concept repositories on GitHub - a new malware called ChocoPoC is hiding in plain sight, stealing data from vulnerability researchers through a cleverly designed trap. This sneaky malware uses a dependency chain to infect systems, masquerading as a harmless Python proof-of-concept exploit.

Analyst 207
Cybersecurity researcher sits at cluttered desk with laptop and papers, looking concerned.

Malware Exploits GitHub PoCs to Target Cybersecurity Researchers

Cybersecurity researchers are being targeted by a sneaky new campaign that uses malicious GitHub proof-of-concept exploits to deliver a remote access trojan, with over 2,400 downloads of a trojanized Python package already recorded. The attack unfolds through a multi-stage supply-chain trick involving compromised PyPI packages.

Analyst 207
Cybersecurity researcher working at cluttered desk with laptop and Linux devices nearby.

Malware Delivered via Trojanized GitHub Exploits Targets Security Researchers

Security researchers have been targeted by a sneaky malware campaign that uses trojanized GitHub exploits to deliver a Python-based remote access trojan, hiding in plain sight within popular proof-of-concept code repositories. The malware, downloaded over 2,400 times mostly on Linux-based systems, was spread through malicious packages cleverly concealed in dependency lists on GitHub.

Analyst 207
User downloads software from computer in home office, with fake website and zip file in foreground.

ScreenConnect Exploited in Large-Scale Campaign Disguised as Freeware

Cybercriminals have launched a massive campaign disguising a malicious ScreenConnect installer as freeware, tricking users into downloading it from over 90 fake websites in 10 languages. The scam starts with a bogus OBS Studio download that secretly installs the ScreenConnect utility, ultimately delivering a nasty AsyncRAT payload.

Analyst 207
Smartphone on a city transit platform with blurred screen and abstract cyber threat representation.

Millenium RAT Infects 60,000 Devices in Global Cyber Campaign

A new iteration of the Millenium RAT malware has infected 62,289 devices worldwide, with a staggering 39,730 compromises occurring in just the first quarter of 2026, thanks to its upgraded native C++ architecture that helps it evade detection. This powerful Telegram-controlled remote access trojan has become even more elusive in its latest version.

Analyst 207
Rack-mounted equipment and cables in a server room with a computer monitor in the background.

Mistic Backdoor Targets Multiple Sectors in KongTuke's Financially Motivated Attacks

Meet Mistic, a sneaky backdoor that's leaving a trail of financial chaos across multiple sectors, thanks to its ability to run quietly in memory with no digital fingerprints left behind. Its arsenal includes a range of remote-access capabilities, from file uploads and downloads to code execution, all designed to keep attackers in the driver's seat for the long haul.

Analyst 207
Software development workstation with laptop, coding tools, and notes in a brightly-lit neutral environment.

Malicious npm Packages Deliver Windows RAT via PostCSS Tooling

Beware of malicious npm packages masquerading as popular tools like PostCSS - researchers have uncovered three fake packages that have racked up over 1,000 downloads and deliver a sneaky Windows remote access trojan. These lookalike packages, published just over a month ago, have been cleverly designed to fly under the radar.

Analyst 207
Person working on laptop with Microsoft Teams open in a brightly-lit office setting.

DragonForce Hackers Exploit Microsoft Teams to Conceal Backdoor Traffic

Meet Backdoor.Turn, a sneaky malware that uses Microsoft Teams to hide its secret communication with hackers, leveraging the platform's relay infrastructure to stay under the radar. By masquerading as a legitimate connection, it allows attackers to remotely control infected systems undetected.

Analyst 207
Smartphone on cluttered table with blurred screen, surrounded by scattered financial papers.

Rokarolla Malware Targets Android Banking Apps with 137 Commands

Meet Rokarolla, a sneaky Android banking trojan that's taking aim at 217 banking and cryptocurrency apps with an arsenal of 137 remote commands, giving attackers alarming control over infected phones. This malicious malware is designed to outsmart even Google's Play Protect defenses, putting your financial security at risk.

Analyst 207
Blurred laptop screen showing Microsoft Teams on a plain surface with office supplies nearby.

Ransomware Gang Exploits Microsoft Teams to Conceal Malicious Traffic

Meet Backdoor.Turn, a sneaky new malware that's abusing Microsoft Teams to hide its malicious activities - and it's a game-changer for cyber threats. This clever RAT uses Teams' own infrastructure against us, making it harder to spot its secret communications.

Analyst 207
Cluttered home office with laptop and scattered papers in dim light.

SilabRAT Trojan Targets Crypto Wallets with Session Hijacking

Meet SilabRAT, a sneaky Trojan that's been sold as a malware-as-a-service on dark web forums since late 2025, allowing cybercrooks to hijack crypto wallet sessions and swipe funds. For just $5,000 a month, attackers can get their hands on this powerful tool and start targeting unsuspecting crypto wallet users.

Analyst 207
Discarded Android smartphones and tech components litter a dimly lit urban alleyway.

ESET Exposes BTMOB Android Malware Service

Meet BTMOB, a sneaky Android malware that's being sold as a subscription service - think $700/month or a one-time $5,000 fee for a lifetime license - making it easy for anyone to become a cyber threat actor. This malware-as-a-service platform even comes with a user-friendly APK builder, requiring zero coding skills.

Analyst 207
Modern bank lobby with customer service desk and banking terminals.

Malware Campaigns Target Windows, Android Users in Global Finance Sector

Global finance sector faces a double threat as malware campaigns target Windows and Android users, with attackers using clever tactics like hiding in trusted traffic and selling mobile RATs as turnkey services. Two recent campaigns, one using Grandoreiro malware in Portugal, Spain, and Mexico, and another using a new BTMOB trojan in Brazil, highlight the evolving threat landscape.

Analyst 207
Smartphone on cluttered desk with login prompt on screen.

BTMOB Android RAT Exploits No-Code Tools in Global Phishing Campaigns

A single malicious download can put an entire company's sensitive data at risk, so it's crucial for corporate security teams to educate employees on the dangers of rogue apps.

Analyst 207
Brightly-lit financial sector setting with computer workstation in background.

Lazarus Group Deploys Memory-Only RAT in Financial Sector Attacks

The notorious Lazarus Group has unleashed a sneaky new attack tool, a memory-only Remote Access Trojan (RAT), targeting the financial sector with cunning precision. This stealthy malware, known as RemotePE, is just the latest weapon in the group's arsenal, and it's being used to infiltrate and manipulate its victims.

Analyst 207
Modern tech facility with laptop workstation and blank screen.

Iran-nexus APT Expands Espionage Ops with New RAT Variants

Unit 42 researchers have uncovered a sophisticated espionage campaign by an Iran-linked threat group, dubbed Screening Serpens, which has deployed six new remote access Trojan (RAT) variants to target entities across the US, Israel, and the Middle East. These variants, part of two distinct malware families, signal a significant expansion of the group's cyber spying operations.

Analyst 207
Rack-mounted Linux server in a data center with a blank screen.

Ivanti, Palo Alto Networks Flaws Exploited in Active Attacks

Meet Quasar Linux RAT, a sneaky malware that combines remote access, evasion, and data theft capabilities, making it a potent threat to Linux systems. This powerful tool lets hackers secretly control infected hosts, harvest sensitive info, and even create a network of compromised devices that communicate with each other.

Analyst 207
Windows computer workstation in an office setting with router and cables, and a blank laptop screen on the desk.

Python Backdoor Exploits Tunneling Service to Harvest Browser, Cloud Credentials

Meet DEEP#DOOR, a sneaky Python-based backdoor framework that's harvesting browser and cloud credentials by exploiting a tunneling service, and learn how it infiltrates systems through a clever sequence of stealthy steps. This sophisticated threat starts with a simple batch script that disables Windows security controls and ends with a fully featured Remote Access Trojan (RAT).

Analyst 207
Dimly lit workspace with laptop, scattered papers, and broken phone, surrounded by obsidian shards.

Obsidian Plugin Abuse Enables PHANTOMPULSE RAT in Finance, Crypto Attacks

Beware of the notebook that's supposed to keep your secrets safe - researchers have discovered a sneaky new attack that uses Obsidian plugin abuse to slip a powerful Trojan into your system. This novel social engineering campaign targets finance and crypto sectors with a previously unknown RAT called PHANTOMPULSE.

Analyst 207