Latest Remote Access Trojan news

New Bifrost malware for Linux mimics VMware domain for evasion

A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.
- Bill Toulas
- February 29, 2024
- 04:36 PM
- 0
FBI seizes Warzone RAT infrastructure, arrests malware vendor

The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation.
- Bill Toulas
- February 12, 2024
- 06:09 PM
- 1
Amazon's AWS SSM agent can be used as post-exploitation RAT malware

Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform's System Manager (SSM) agent as an undetectable Remote Access Trojan (RAT).
- Bill Toulas
- August 02, 2023
- 11:18 AM
- 4
RomCom hackers target NATO Summit attendees in phishing attacks

A threat actor referred to as 'RomCom' has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania.
- Bill Toulas
- July 10, 2023
- 04:44 PM
- 0
New EarlyRAT malware linked to North Korean Andariel hacking group

Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group.
- Bill Toulas
- June 29, 2023
- 01:39 PM
- 0
New 'PowerDrop' PowerShell malware targets U.S. aerospace industry

A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry.
- Bill Toulas
- June 06, 2023
- 09:00 AM
- 0
Stealthy SeroXen RAT malware increasingly used to target gamers

A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities.
- Bill Toulas
- May 31, 2023
- 12:56 PM
- 1
RomCom malware spread via Google Ads for ChatGPT, GIMP, more

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers.
- Bill Toulas
- May 30, 2023
- 03:01 PM
- 2
New AhRat Android malware hidden in app with 50,000 installs

ESET malware researchers have discovered a new remote access trojan (RAT) on the Google Play Store, bundled with an Android screen recording app with 50,000 installs.
- Sergiu Gatlan
- May 23, 2023
- 10:53 AM
- 0
npm packages caught serving TurkoRAT binaries that mimic NodeJS

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan.
- Ax Sharma
- May 20, 2023
- 09:06 AM
- 0
New LOBSHOT malware gives hackers hidden VNC access to Windows devices

A new malware known as 'LOBSHOT' distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC.
- Lawrence Abrams
- May 01, 2023
- 02:15 PM
- 3
RAT developer arrested for infecting 10,000 PCs with malware

Ukraine's cyberpolice has arrested the developer of a remote access trojan (RAT) malware that infected over 10,000 computers while posing as game applications.
- Bill Toulas
- March 17, 2023
- 11:36 AM
- 0
Police seize Netwire RAT malware infrastructure, arrest admin

An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server.
- Lawrence Abrams
- March 09, 2023
- 06:24 PM
- 1
New stealthy Python RAT malware targets Windows in attacks

A new Python-based malware has been spotted in the wild featuring remote access trojan (RAT) capabilities to give its operators control over the breached systems.
- Bill Toulas
- January 25, 2023
- 09:53 AM
- 0
RAT malware campaign tries to evade detection using polyglot files

Operators of the StrRAT and Ratty remote access trojans (RAT) are running a new campaign using polyglot MSI/JAR and CAB/JAR files to evade detection from security tools.
- Bill Toulas
- January 12, 2023
- 05:24 PM
- 0
Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls

Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access.
- Bill Toulas
- January 07, 2023
- 10:12 AM
- 0
BitRAT malware campaign uses stolen bank data for phishing

Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets with the BitRAT remote access trojan, according to cloud security firm Qualys.
- Sergiu Gatlan
- January 03, 2023
- 01:10 PM
- 0
Malicious extension lets attackers control Google Chrome remotely

A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks.
- Bill Toulas
- November 08, 2022
- 04:37 PM
- 2
RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam

The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution.
- Bill Toulas
- November 03, 2022
- 03:36 PM
- 0
New Android malware 'RatMilad' can steal your data, record audio

A new Android spyware named 'RatMilad' was discovered targeting mobile devices in the Middle East, used to spy on victims and steal data.
- Bill Toulas
- October 05, 2022
- 07:00 AM
- 3