Tag: remote access trojan
72 articles

Mirax RAT Exploits Meta Apps to Infiltrate Android Devices
Beware of fake ads on Meta apps - a sneaky new malware called Mirax RAT is using them to secretly take control of Android devices, with a focus on Spanish-speaking nations. This remote access Trojan is part of a growing Malware-as-a-Service economy that's putting unsuspecting users at risk.

Mirax RAT Exploits Meta Ads to Hijack 220,000 Devices
Meet Mirax RAT, a sneaky Android malware that's hijacked over 220,000 devices by exploiting Meta Ads, giving strangers full control over unsuspecting users' phones. This malicious code has rapidly spread to hundreds of thousands of social accounts, showcasing the alarming power of mainstream ad platforms in the wrong hands.

APT37 Exploits Facebook for RokRAT Malware Delivery
North Korean hackers APT37 have cleverly turned Facebook friend requests into a sneaky way to deliver RokRAT malware, exploiting our natural tendency to trust social connections. By accepting a friend request, victims unwittingly open the door to a remote access trojan that can compromise their device.

CPUID Compromised, Trojanized Software Deploys STX RAT
For one day in April, unsuspecting users who visited CPUID.com, a trusted site for hardware-monitoring tools, unknowingly downloaded trojanized software that deployed a malicious remote access trojan called STX RAT. The compromised software, including CPU-Z and HWMonitor, turned a trusted resource into a malware delivery vehicle.
New Trojan STX RAT Targets Finance Sector with Sophisticated Stealth Methods
Meet STX RAT, a sneaky new remote access trojan that's got its sights set on the finance sector, using advanced stealth methods and command-and-control capabilities to evade detection. This latest threat is a wake-up call for defenders, testing their readiness to respond to increasingly sophisticated attacks.

CrystalRAT Malware Emerges with Advanced RAT and Data Theft Capabilities
Meet CrystalRAT, a powerful malware-as-a-service that's being sold on Telegram, capable of giving outsiders remote control of your computer, stealing sensitive files, recording every keystroke, and even hijacking your clipboard. This malicious tool is a nightmare come true, and its emergence poses a serious threat to online security.

AtlasCross RAT Fuels Alarming Asia Cyber Espionage Expansion
A new and sophisticated cyber threat, AtlasCross RAT, is targeting Chinese-speaking users in Asia, sparking concerns about the region's growing vulnerability to cyber espionage. As cyber adversaries expand their reach, the question is: are we prepared to face the rising tide of cyber attacks?

North Korea’s APT37 Exclusive: Dangerous Tool Hits Air-Gap
Think the most isolated machines are untouchable? North Korea’s APT37 has broadened its toolkit — combining believable lures with new utilities that can defeat air‑gap protections and put highly sensitive systems at fresh risk.

pkr_mtsi Reveals Stunning, Dangerous Payloads
Think of pkr_mtsi as a benign-looking packer that attackers have turned into a slick delivery system—using malvertising and social lures to slip credential stealers, covert coin‑miners, and backdoors onto victims’ PCs. By running loaders in memory and staging payloads, it keeps infections quiet while letting criminals squeeze ongoing profit from compromised machines.

Transparent Tribe Targets India: Exclusive Severe RAT Alert
Heads up: Transparent Tribe is slipping weaponized .LNK shortcut files disguised as PDFs into spear-phishing emails, silently installing a remote-access trojan that can steal data and maintain persistent access to Indian government, academic, and strategic networks.

New Atroposia RAT Exclusive: Dangerous Dark Web Threat
Meet Atroposia RAT: a modular, encrypted remote-access trojan on the dark web that grants attackers a stealthy, persistent foothold to harvest credentials and siphon crypto wallets. Defenders need to move beyond static hashes and rely on behavioral analytics, EDR, and tuned network telemetry to spot its evasive moves.

Blitz Spear Phishing Campaign Exclusive: NGOs at Risk
Imagine the inbox that coordinates relief suddenly opening the door to attackers: a one-day spear-phishing blitz—dubbed PhantomCaptcha—targeted NGOs and regional offices helping Ukraine with convincing impersonations and weaponized attachments to harvest credentials and deploy malware. It’s a stark reminder that adversaries now weaponize trust and identity to disrupt aid, not just networks.

Pakistani-Linked Hacker Group: Exclusive Threat to India
Pakistan-linked operators are quietly slipping DeskRAT into Indian government networks to siphon secrets — a stealthy espionage campaign that makes stronger detection, logging and diplomatic response urgent.

Lazarus Group Exclusive: DreamJob Threatens EU Defenses
“If you build it, they will steal it” — North Korea’s Lazarus Group is quietly targeting EU drone engineers, lifting schematics, firmware, and supplier data to speed or sabotage adversaries’ emulation of Western platforms. The result: stolen designs and corrupted files that can derail production and readiness without a single shot fired.

PhantomCaptcha Campaign: Stunning Threat to Ukraine Aid
What if the message promising help handed attackers the keys? The PhantomCaptcha campaign did exactly that — a surgical phishing blitz using believable impersonation and innocuous-looking attachments to steal credentials and threaten Ukraine relief efforts.

PhantomCaptcha Campaign: Exclusive Danger to Ukraine Relief
PhantomCaptcha hijacks trusted-looking emails to trick aid workers into opening weaponized attachments that install credential stealers and remote access tools, risking disruption of Ukraine relief operations. Learn its tradecraft—plausible senders, urgent subjects, and innocuous file types—so a single click doesn’t hand attackers the keys.

APT36 Exclusive: Critical Golang DeskRAT Threat to India
Heres the scoop: a targeted spear-phishing campaign installed DeskRAT—a compact, Golang-based remote access tool linked to APT36—into Indian government systems, letting attackers read emails, capture keystrokes and siphon sensitive files. Lightweight and cross-platform, DeskRAT underscores how APT36’s patient social-engineering playbook keeps compromising high-value targets.

APT36 Exclusive: Golang DeskRAT Threatens India
This autumn, a seemingly innocent spear-phish opened the door to DeskRAT, a Golang-based remote-access trojan tied to APT36 (Transparent Tribe) that slipped into Indian government networks to harvest credentials and siphon documents. Analysts warn the groups move to Go makes these cross-platform implants smaller, stealthier, and tougher to pin down—an unnerving evolution in a decade-long espionage playbook.

APT36 Exclusive: Critical Golang DeskRAT Threat Hits India
Think a phishing email cant threaten national security? In summer 2025, tailored spear-phishing delivered Golang DeskRAT into Indian government networks — a stealthy APT36 tool that turns a single click into a strategic risk.

malware development: Exclusive Risky AI Abuse Exposed
OpenAI says it disrupted three groups misusing ChatGPT to develop malware — from a Russian actor refining a RAT and credential‑stealer to activity tied to China and North Korea — highlighting how easily generative AI can be repurposed for harm. The takedown bought defenders time, but it also raises urgent questions about policing, policy and how to keep powerful tools useful without arming attackers.

Android remote access trojan: Exclusive Risky Threat
“If you can see nothing, they can take everything” — Klopatra is a stealthy new Android remote-access trojan that quietly hijacks phones to steal banking credentials, intercept one-time codes, and automate fraudulent transactions. Stay vigilant: only install apps from trusted stores, scrutinize accessibility and overlay permissions, and push behavioral mobile security and out-of-band authentication to blunt these targeted, modular attacks.

PyPI packages: Risky SilentSync Alert — Must-Have Fix
Cybersecurity researchers found two malicious PyPI packages that delivered the SilentSync RAT to Windows machines, enabling remote command execution, file theft and screen capture. Treat your dependency tree like an attack surface—audit packages, pin versions and lock down CI to stop supply-chain intrusions.

GitHub Pages Risky SEO Attack — Exclusive Warning
Imagine downloading what looks like legitimate software only to find your PC compromised — attackers are using SEO tricks and GitHub Pages to push kkRAT to Chinese-speaking users by creating convincing fake download pages and hijacking search rankings. Fortinet warns this weaponized trust turns routine searches into infection vectors, so stick to vendor sites and double-check every download.

fileless malware: Deadly Exclusive Stealth Threat
Imagine fighting a ghost that leaves no footprint — attackers are running AsyncRAT entirely in memory, hiding behind trusted Windows tools like PowerShell and rundll32. Luckily, better runtime visibility, behavioral EDR and stronger identity controls can help defenders spot and stop these stealthy, fileless intrusions.