Tag: remote access trojan
72 articles

GoSerpent Malware Evolves with Advanced Data Exfiltration Tactics
In late 2025, a new wave of malicious activity emerged, led by the evolved GoSerpent malware, which has been quietly lurking in the shadows since at least 2021. This stealthy backdoor has upgraded its data exfiltration tactics, putting organizations on high alert.

LabubaRAT Exploits NVIDIA Disguise to Control Windows Hosts
Meet LabubaRAT, a sneaky threat that masquerades as NVIDIA software to take control of Windows hosts, allowing hackers to profile, capture, and manipulate sensitive data. Once deployed, it creates a hidden backdoor for further malicious activity.

Silver Fox Deploying Advanced Modular RAT via gRPC Streaming
Meet MODBEACON, a sneaky new Remote Access Trojan linked to the Silver Fox cybercrime group, capable of secretly fetching modules, executing commands, and communicating with attackers. This advanced threat uses a plugin-based architecture and encrypted gRPC streaming to stay one step ahead.

Microsoft Teams Abused to Deploy EtherRAT Malware via Fake IT Support Calls
Beware of fake IT support calls on Microsoft Teams - hackers are using convincing tactics, including a phishing email with a malicious PDF, to trick victims into downloading the potent EtherRAT malware. They impersonate system administrators to gain your trust, making it crucial to stay vigilant.

QuimaRAT Exposes Cross-Platform Threat Capabilities
Meet QuimaRAT, a commercialized remote access trojan package that's being sold as a malware-as-a-service, threatening security across multiple platforms with its flexible subscription tiers. This Java-based tool is marketed for a surprisingly low price, ranging from $150 for a month to $1,200 for lifetime access.

ChocoPoC Malware Targets Vulnerability Researchers via Fake PoC Repos
Beware of fake proof-of-concept repositories on GitHub - a new malware called ChocoPoC is hiding in plain sight, stealing data from vulnerability researchers through a cleverly designed trap. This sneaky malware uses a dependency chain to infect systems, masquerading as a harmless Python proof-of-concept exploit.

Malware Exploits GitHub PoCs to Target Cybersecurity Researchers
Cybersecurity researchers are being targeted by a sneaky new campaign that uses malicious GitHub proof-of-concept exploits to deliver a remote access trojan, with over 2,400 downloads of a trojanized Python package already recorded. The attack unfolds through a multi-stage supply-chain trick involving compromised PyPI packages.

Malware Delivered via Trojanized GitHub Exploits Targets Security Researchers
Security researchers have been targeted by a sneaky malware campaign that uses trojanized GitHub exploits to deliver a Python-based remote access trojan, hiding in plain sight within popular proof-of-concept code repositories. The malware, downloaded over 2,400 times mostly on Linux-based systems, was spread through malicious packages cleverly concealed in dependency lists on GitHub.

ScreenConnect Exploited in Large-Scale Campaign Disguised as Freeware
Cybercriminals have launched a massive campaign disguising a malicious ScreenConnect installer as freeware, tricking users into downloading it from over 90 fake websites in 10 languages. The scam starts with a bogus OBS Studio download that secretly installs the ScreenConnect utility, ultimately delivering a nasty AsyncRAT payload.

Millenium RAT Infects 60,000 Devices in Global Cyber Campaign
A new iteration of the Millenium RAT malware has infected 62,289 devices worldwide, with a staggering 39,730 compromises occurring in just the first quarter of 2026, thanks to its upgraded native C++ architecture that helps it evade detection. This powerful Telegram-controlled remote access trojan has become even more elusive in its latest version.

Mistic Backdoor Targets Multiple Sectors in KongTuke's Financially Motivated Attacks
Meet Mistic, a sneaky backdoor that's leaving a trail of financial chaos across multiple sectors, thanks to its ability to run quietly in memory with no digital fingerprints left behind. Its arsenal includes a range of remote-access capabilities, from file uploads and downloads to code execution, all designed to keep attackers in the driver's seat for the long haul.

Malicious npm Packages Deliver Windows RAT via PostCSS Tooling
Beware of malicious npm packages masquerading as popular tools like PostCSS - researchers have uncovered three fake packages that have racked up over 1,000 downloads and deliver a sneaky Windows remote access trojan. These lookalike packages, published just over a month ago, have been cleverly designed to fly under the radar.

DragonForce Hackers Exploit Microsoft Teams to Conceal Backdoor Traffic
Meet Backdoor.Turn, a sneaky malware that uses Microsoft Teams to hide its secret communication with hackers, leveraging the platform's relay infrastructure to stay under the radar. By masquerading as a legitimate connection, it allows attackers to remotely control infected systems undetected.

Rokarolla Malware Targets Android Banking Apps with 137 Commands
Meet Rokarolla, a sneaky Android banking trojan that's taking aim at 217 banking and cryptocurrency apps with an arsenal of 137 remote commands, giving attackers alarming control over infected phones. This malicious malware is designed to outsmart even Google's Play Protect defenses, putting your financial security at risk.

Ransomware Gang Exploits Microsoft Teams to Conceal Malicious Traffic
Meet Backdoor.Turn, a sneaky new malware that's abusing Microsoft Teams to hide its malicious activities - and it's a game-changer for cyber threats. This clever RAT uses Teams' own infrastructure against us, making it harder to spot its secret communications.

SilabRAT Trojan Targets Crypto Wallets with Session Hijacking
Meet SilabRAT, a sneaky Trojan that's been sold as a malware-as-a-service on dark web forums since late 2025, allowing cybercrooks to hijack crypto wallet sessions and swipe funds. For just $5,000 a month, attackers can get their hands on this powerful tool and start targeting unsuspecting crypto wallet users.

ESET Exposes BTMOB Android Malware Service
Meet BTMOB, a sneaky Android malware that's being sold as a subscription service - think $700/month or a one-time $5,000 fee for a lifetime license - making it easy for anyone to become a cyber threat actor. This malware-as-a-service platform even comes with a user-friendly APK builder, requiring zero coding skills.

Malware Campaigns Target Windows, Android Users in Global Finance Sector
Global finance sector faces a double threat as malware campaigns target Windows and Android users, with attackers using clever tactics like hiding in trusted traffic and selling mobile RATs as turnkey services. Two recent campaigns, one using Grandoreiro malware in Portugal, Spain, and Mexico, and another using a new BTMOB trojan in Brazil, highlight the evolving threat landscape.

BTMOB Android RAT Exploits No-Code Tools in Global Phishing Campaigns
A single malicious download can put an entire company's sensitive data at risk, so it's crucial for corporate security teams to educate employees on the dangers of rogue apps.

Lazarus Group Deploys Memory-Only RAT in Financial Sector Attacks
The notorious Lazarus Group has unleashed a sneaky new attack tool, a memory-only Remote Access Trojan (RAT), targeting the financial sector with cunning precision. This stealthy malware, known as RemotePE, is just the latest weapon in the group's arsenal, and it's being used to infiltrate and manipulate its victims.

Iran-nexus APT Expands Espionage Ops with New RAT Variants
Unit 42 researchers have uncovered a sophisticated espionage campaign by an Iran-linked threat group, dubbed Screening Serpens, which has deployed six new remote access Trojan (RAT) variants to target entities across the US, Israel, and the Middle East. These variants, part of two distinct malware families, signal a significant expansion of the group's cyber spying operations.

Ivanti, Palo Alto Networks Flaws Exploited in Active Attacks
Meet Quasar Linux RAT, a sneaky malware that combines remote access, evasion, and data theft capabilities, making it a potent threat to Linux systems. This powerful tool lets hackers secretly control infected hosts, harvest sensitive info, and even create a network of compromised devices that communicate with each other.

Python Backdoor Exploits Tunneling Service to Harvest Browser, Cloud Credentials
Meet DEEP#DOOR, a sneaky Python-based backdoor framework that's harvesting browser and cloud credentials by exploiting a tunneling service, and learn how it infiltrates systems through a clever sequence of stealthy steps. This sophisticated threat starts with a simple batch script that disables Windows security controls and ends with a fully featured Remote Access Trojan (RAT).

Obsidian Plugin Abuse Enables PHANTOMPULSE RAT in Finance, Crypto Attacks
Beware of the notebook that's supposed to keep your secrets safe - researchers have discovered a sneaky new attack that uses Obsidian plugin abuse to slip a powerful Trojan into your system. This novel social engineering campaign targets finance and crypto sectors with a previously unknown RAT called PHANTOMPULSE.