Latest RAT news

New Bifrost malware for Linux mimics VMware domain for evasion

A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.
- Bill Toulas
- February 29, 2024
- 04:36 PM
- 0
Hackers used new Windows Defender zero-day to drop DarkMe malware

Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT).
- Sergiu Gatlan
- February 13, 2024
- 03:52 PM
- 0
FBI seizes Warzone RAT infrastructure, arrests malware vendor

The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation.
- Bill Toulas
- February 12, 2024
- 06:09 PM
- 1
New NKAbuse malware abuses NKN blockchain for stealthy comms

A new Go-based multi-platform malware identified as 'NKAbuse' is the first malware abusing NKN (New Kind of Network) technology for data exchange, making it a stealthy threat.
- Bill Toulas
- December 14, 2023
- 05:15 PM
- 0
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang.
- Bill Toulas
- December 11, 2023
- 04:25 PM
- 0
Krasue RAT malware hides on Linux servers using embedded rootkits

Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021.
- Bill Toulas
- December 07, 2023
- 01:00 AM
- 0
Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs

The operator of the Nokoyawa ransomware-as-a-service (RaaS), a threat actor known as 'farnetwork', built experience over the years by helping the JSWORM, Nefilim, Karma, and Nemty affiliate programs with malware development and operation management.
- Bill Toulas
- November 08, 2023
- 04:32 AM
- 0
Fake WinRAR proof-of-concept exploit drops VenomRAT malware

A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
- Bill Toulas
- September 20, 2023
- 10:49 AM
- 0
'Redfly' hackers infiltrated power supplier's network for 6 months

An espionage threat group tracked as 'Redfly' hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months.
- Bill Toulas
- September 12, 2023
- 06:00 AM
- 0
Hackers use public ManageEngine exploit to breach internet org

The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations.
- Bill Toulas
- August 24, 2023
- 08:31 AM
- 0
Amazon's AWS SSM agent can be used as post-exploitation RAT malware

Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform's System Manager (SSM) agent as an undetectable Remote Access Trojan (RAT).
- Bill Toulas
- August 02, 2023
- 11:18 AM
- 4
AVrecon malware infects 70,000 Linux routers to build botnet

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
- Sergiu Gatlan
- July 14, 2023
- 02:35 AM
- 3
RomCom hackers target NATO Summit attendees in phishing attacks

A threat actor referred to as 'RomCom' has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania.
- Bill Toulas
- July 10, 2023
- 04:44 PM
- 0
New EarlyRAT malware linked to North Korean Andariel hacking group

Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group.
- Bill Toulas
- June 29, 2023
- 01:39 PM
- 0
Hackers use fake OnlyFans pics to drop info-stealing malware

A malware campaign is using fake OnlyFans content and adult lures to install a remote access trojan known as 'DcRAT,' allowing threat actors to steal data and credentials or deploy ransomware on the infected device.
- Bill Toulas
- June 19, 2023
- 01:14 PM
- 3
New 'PowerDrop' PowerShell malware targets U.S. aerospace industry

A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry.
- Bill Toulas
- June 06, 2023
- 09:00 AM
- 0
Stealthy SeroXen RAT malware increasingly used to target gamers

A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities.
- Bill Toulas
- May 31, 2023
- 12:56 PM
- 1
RomCom malware spread via Google Ads for ChatGPT, GIMP, more

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers.
- Bill Toulas
- May 30, 2023
- 03:01 PM
- 2
New AhRat Android malware hidden in app with 50,000 installs

ESET malware researchers have discovered a new remote access trojan (RAT) on the Google Play Store, bundled with an Android screen recording app with 50,000 installs.
- Sergiu Gatlan
- May 23, 2023
- 10:53 AM
- 0
Decoy Dog malware toolkit found after analyzing 70 billion daily DNS queries

A new enterprise-targeting malware toolkit called 'Decoy Dog' has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity.
- Bill Toulas
- April 23, 2023
- 10:25 AM
- 3