Skip to main content

Tag: remote access trojan

72 articles

Cracked smartphone on a dark surface surrounded by tangled wires, with a blurred cityscape at dusk in the background.

Mirax RAT Exploits Meta Apps to Infiltrate Android Devices

Beware of fake ads on Meta apps - a sneaky new malware called Mirax RAT is using them to secretly take control of Android devices, with a focus on Spanish-speaking nations. This remote access Trojan is part of a growing Malware-as-a-Service economy that's putting unsuspecting users at risk.

Analyst 207
Dark cityscape with shattered smartphone, shadowy figure lurking, and faint laptop glow in distance.

Mirax RAT Exploits Meta Ads to Hijack 220,000 Devices

Meet Mirax RAT, a sneaky Android malware that's hijacked over 220,000 devices by exploiting Meta Ads, giving strangers full control over unsuspecting users' phones. This malicious code has rapidly spread to hundreds of thousands of social accounts, showcasing the alarming power of mainstream ad platforms in the wrong hands.

Analyst 207
Cracked smartphone surrounded by screens displaying distorted code with a looming figure in a dimly lit cityscape at dusk.

APT37 Exploits Facebook for RokRAT Malware Delivery

North Korean hackers APT37 have cleverly turned Facebook friend requests into a sneaky way to deliver RokRAT malware, exploiting our natural tendency to trust social connections. By accepting a friend request, victims unwittingly open the door to a remote access trojan that can compromise their device.

Analyst 207
Dark laptop screen with eerie glow, cracked CPU chip, tangled wires, and silhouette of person holding mysterious device.

CPUID Compromised, Trojanized Software Deploys STX RAT

For one day in April, unsuspecting users who visited CPUID.com, a trusted site for hardware-monitoring tools, unknowingly downloaded trojanized software that deployed a malicious remote access trojan called STX RAT. The compromised software, including CPU-Z and HWMonitor, turned a trusted resource into a malware delivery vehicle.

Analyst 207

New Trojan STX RAT Targets Finance Sector with Sophisticated Stealth Methods

Meet STX RAT, a sneaky new remote access trojan that's got its sights set on the finance sector, using advanced stealth methods and command-and-control capabilities to evade detection. This latest threat is a wake-up call for defenders, testing their readiness to respond to increasingly sophisticated attacks.

Analyst 207
CrystalRAT Malware Emerges with Advanced RAT and Data Theft Capabilities

CrystalRAT Malware Emerges with Advanced RAT and Data Theft Capabilities

Meet CrystalRAT, a powerful malware-as-a-service that's being sold on Telegram, capable of giving outsiders remote control of your computer, stealing sensitive files, recording every keystroke, and even hijacking your clipboard. This malicious tool is a nightmare come true, and its emergence poses a serious threat to online security.

Analyst 207
AtlasCross RAT Fuels Alarming Asia Cyber Espionage Expansion

AtlasCross RAT Fuels Alarming Asia Cyber Espionage Expansion

A new and sophisticated cyber threat, AtlasCross RAT, is targeting Chinese-speaking users in Asia, sparking concerns about the region's growing vulnerability to cyber espionage. As cyber adversaries expand their reach, the question is: are we prepared to face the rising tide of cyber attacks?

Analyst 207
North Korea’s APT37 Exclusive: Dangerous Tool Hits Air-Gap

North Korea’s APT37 Exclusive: Dangerous Tool Hits Air-Gap

Think the most isolated machines are untouchable? North Korea’s APT37 has broadened its toolkit — combining believable lures with new utilities that can defeat air‑gap protections and put highly sensitive systems at fresh risk.

Analyst 207
pkr_mtsi Reveals Stunning, Dangerous Payloads

pkr_mtsi Reveals Stunning, Dangerous Payloads

Think of pkr_mtsi as a benign-looking packer that attackers have turned into a slick delivery system—using malvertising and social lures to slip credential stealers, covert coin‑miners, and backdoors onto victims’ PCs. By running loaders in memory and staging payloads, it keeps infections quiet while letting criminals squeeze ongoing profit from compromised machines.

Analyst 207
Transparent Tribe Targets India: Exclusive Severe RAT Alert

Transparent Tribe Targets India: Exclusive Severe RAT Alert

Heads up: Transparent Tribe is slipping weaponized .LNK shortcut files disguised as PDFs into spear-phishing emails, silently installing a remote-access trojan that can steal data and maintain persistent access to Indian government, academic, and strategic networks.

Analyst 207
New Atroposia RAT Exclusive: Dangerous Dark Web Threat

New Atroposia RAT Exclusive: Dangerous Dark Web Threat

Meet Atroposia RAT: a modular, encrypted remote-access trojan on the dark web that grants attackers a stealthy, persistent foothold to harvest credentials and siphon crypto wallets. Defenders need to move beyond static hashes and rely on behavioral analytics, EDR, and tuned network telemetry to spot its evasive moves.

Analyst 207
Blitz Spear Phishing Campaign Exclusive: NGOs at Risk

Blitz Spear Phishing Campaign Exclusive: NGOs at Risk

Imagine the inbox that coordinates relief suddenly opening the door to attackers: a one-day spear-phishing blitz—dubbed PhantomCaptcha—targeted NGOs and regional offices helping Ukraine with convincing impersonations and weaponized attachments to harvest credentials and deploy malware. It’s a stark reminder that adversaries now weaponize trust and identity to disrupt aid, not just networks.

Analyst 207
Pakistani-Linked Hacker Group: Exclusive Threat to India

Pakistani-Linked Hacker Group: Exclusive Threat to India

Pakistan-linked operators are quietly slipping DeskRAT into Indian government networks to siphon secrets — a stealthy espionage campaign that makes stronger detection, logging and diplomatic response urgent.

Analyst 207
Lazarus Group Exclusive: DreamJob Threatens EU Defenses

Lazarus Group Exclusive: DreamJob Threatens EU Defenses

“If you build it, they will steal it” — North Korea’s Lazarus Group is quietly targeting EU drone engineers, lifting schematics, firmware, and supplier data to speed or sabotage adversaries’ emulation of Western platforms. The result: stolen designs and corrupted files that can derail production and readiness without a single shot fired.

Analyst 207
Dark laptop screen with distorted CAPTCHA, Ukraine map, cracked glass, and ominous glowing eyes in shadows.

PhantomCaptcha Campaign: Stunning Threat to Ukraine Aid

What if the message promising help handed attackers the keys? The PhantomCaptcha campaign did exactly that — a surgical phishing blitz using believable impersonation and innocuous-looking attachments to steal credentials and threaten Ukraine relief efforts.

Analyst 207
PhantomCaptcha Campaign: Exclusive Danger to Ukraine Relief

PhantomCaptcha Campaign: Exclusive Danger to Ukraine Relief

PhantomCaptcha hijacks trusted-looking emails to trick aid workers into opening weaponized attachments that install credential stealers and remote access tools, risking disruption of Ukraine relief operations. Learn its tradecraft—plausible senders, urgent subjects, and innocuous file types—so a single click doesn’t hand attackers the keys.

Analyst 207
Person in shadows sits before laptop with eerie glow, amidst scattered papers and a remote, with a cityscape of India in…

APT36 Exclusive: Critical Golang DeskRAT Threat to India

Heres the scoop: a targeted spear-phishing campaign installed DeskRAT—a compact, Golang-based remote access tool linked to APT36—into Indian government systems, letting attackers read emails, capture keystrokes and siphon sensitive files. Lightweight and cross-platform, DeskRAT underscores how APT36’s patient social-engineering playbook keeps compromising high-value targets.

Analyst 207
APT36 Exclusive: Golang DeskRAT Threatens India

APT36 Exclusive: Golang DeskRAT Threatens India

This autumn, a seemingly innocent spear-phish opened the door to DeskRAT, a Golang-based remote-access trojan tied to APT36 (Transparent Tribe) that slipped into Indian government networks to harvest credentials and siphon documents. Analysts warn the groups move to Go makes these cross-platform implants smaller, stealthier, and tougher to pin down—an unnerving evolution in a decade-long espionage playbook.

Analyst 207
APT36 Exclusive: Critical Golang DeskRAT Threat Hits India

APT36 Exclusive: Critical Golang DeskRAT Threat Hits India

Think a phishing email cant threaten national security? In summer 2025, tailored spear-phishing delivered Golang DeskRAT into Indian government networks — a stealthy APT36 tool that turns a single click into a strategic risk.

Analyst 207
malware development: Exclusive Risky AI Abuse Exposed

malware development: Exclusive Risky AI Abuse Exposed

OpenAI says it disrupted three groups misusing ChatGPT to develop malware — from a Russian actor refining a RAT and credential‑stealer to activity tied to China and North Korea — highlighting how easily generative AI can be repurposed for harm. The takedown bought defenders time, but it also raises urgent questions about policing, policy and how to keep powerful tools useful without arming attackers.

Analyst 207
Android remote access trojan: Exclusive Risky Threat

Android remote access trojan: Exclusive Risky Threat

“If you can see nothing, they can take everything” — Klopatra is a stealthy new Android remote-access trojan that quietly hijacks phones to steal banking credentials, intercept one-time codes, and automate fraudulent transactions. Stay vigilant: only install apps from trusted stores, scrutinize accessibility and overlay permissions, and push behavioral mobile security and out-of-band authentication to blunt these targeted, modular attacks.

Analyst 207
PyPI packages: Risky SilentSync Alert — Must-Have Fix

PyPI packages: Risky SilentSync Alert — Must-Have Fix

Cybersecurity researchers found two malicious PyPI packages that delivered the SilentSync RAT to Windows machines, enabling remote command execution, file theft and screen capture. Treat your dependency tree like an attack surface—audit packages, pin versions and lock down CI to stop supply-chain intrusions.

Analyst 207
GitHub Pages Risky SEO Attack — Exclusive Warning

GitHub Pages Risky SEO Attack — Exclusive Warning

Imagine downloading what looks like legitimate software only to find your PC compromised — attackers are using SEO tricks and GitHub Pages to push kkRAT to Chinese-speaking users by creating convincing fake download pages and hijacking search rankings. Fortinet warns this weaponized trust turns routine searches into infection vectors, so stick to vendor sites and double-check every download.

Analyst 207
fileless malware: Deadly Exclusive Stealth Threat

fileless malware: Deadly Exclusive Stealth Threat

Imagine fighting a ghost that leaves no footprint — attackers are running AsyncRAT entirely in memory, hiding behind trusted Windows tools like PowerShell and rundll32. Luckily, better runtime visibility, behavioral EDR and stronger identity controls can help defenders spot and stop these stealthy, fileless intrusions.

Analyst 207