Remote Access Trojan

Stealthy StilachiRAT steals data, may enable lateral movement

data theft, Malware, malware detection, Microsoft, News, Remote Access Trojan, Windows /

Stealthy StilachiRAT steals data, may enable lateral movement 2025-03-18 at 15:48 By Zeljka Zorz While still not widely distributed, a new Windows remote access trojan (RAT) dubbed StilachiRAT is a serious threat. “[The malware] demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” Microsoft threat analysts have warned on […]

React to this headline:

Loading spinner

Stealthy StilachiRAT steals data, may enable lateral movement Read More »

Ransomware gang targets IT workers with new RAT maquerading as IP scanner

Don't miss, enterprise, Hot stuff, News, Quorum Cyber, Ransomware, Remote Access Trojan /

Ransomware gang targets IT workers with new RAT maquerading as IP scanner 2024-08-06 at 16:31 By Zeljka Zorz Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan (RAT). “The malware, named SharpRhino due to its use of the C# programming language, is delivered through a typosquatting domain impersonating the legitimate tool Angry IP

React to this headline:

Loading spinner

Ransomware gang targets IT workers with new RAT maquerading as IP scanner Read More »

Operation ShadowCat: Targeting Indian Political Observers via a Stealthy RAT

Remote Access Trojan /

Operation ShadowCat: Targeting Indian Political Observers via a Stealthy RAT 2024-07-24 at 16:46 By Cyble Key Takeaways  Overview  A security researcher first detected and reported a similar variant in 2023. Based on these similarities, we suspect that the malicious LNK file is distributed to users via spam email.  The attack starts with a deceptive shortcut (.LNK)

React to this headline:

Loading spinner

Operation ShadowCat: Targeting Indian Political Observers via a Stealthy RAT Read More »

20,000 FortiGate appliances compromised by Chinese hackers

attacks, China, Don't miss, enterprise, Fortinet, Government, government-backed attacks, hardware, Hot stuff, Malware, News, Remote Access Trojan /

20,000 FortiGate appliances compromised by Chinese hackers 2024-06-12 at 14:16 By Zeljka Zorz Coathanger – a piece of malware specifically built to persist on Fortinet’s FortiGate appliances – may still be lurking on too many devices deployed worldwide. How Coathanger persists on FortiGate devices In February 2024, the Dutch Military Intelligence and Security Service (MIVD)

React to this headline:

Loading spinner

20,000 FortiGate appliances compromised by Chinese hackers Read More »

US organizations targeted with emails delivering NetSupport RAT

Don't miss, Hot stuff, Malware, News, Perception Point, phishing, Remote Access Trojan, social engineering /

US organizations targeted with emails delivering NetSupport RAT 2024-03-22 at 15:08 By Helga Labus Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from a

React to this headline:

Loading spinner

US organizations targeted with emails delivering NetSupport RAT Read More »

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

Don't miss, exploit, Hot stuff, JetBrains, Malware, News, Ransomware, Remote Access Trojan, Trend Micro, vulnerability /

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware 2024-03-21 at 12:01 By Helga Labus Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity

React to this headline:

Loading spinner

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware Read More »

Growing AceCryptor attacks in Europe

cybercrime, cybersecurity, Email, ESET, EU, Europe, Malware, News, Remote Access Trojan /

Growing AceCryptor attacks in Europe 2024-03-20 at 13:01 By Help Net Security ESET Research has recorded a considerable increase in AceCryptor attacks, with detections tripling between the first and second halves of 2023. In recent months, researchers registered a significant change in how AceCryptor is used, namely that the attackers spreading Rescoms (also known as

React to this headline:

Loading spinner

Growing AceCryptor attacks in Europe Read More »

Chinese hackers breached Dutch Ministry of Defense

Don't miss, EU, Fortinet, Government, government-backed attacks, Hot stuff, Malware, News, Remote Access Trojan, vulnerability /

Chinese hackers breached Dutch Ministry of Defense 2024-02-07 at 16:46 By Helga Labus Chinese state-sponsored hackers have breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was segmented from the

React to this headline:

Loading spinner

Chinese hackers breached Dutch Ministry of Defense Read More »

Festive Facade: Dissecting Multi-Stage Malware in New Year-themed Lure

Malware, Remote Access Trojan /

Festive Facade: Dissecting Multi-Stage Malware in New Year-themed Lure 2024-01-05 at 11:26 By cybleinc CRIL analyzes New Year-themed malware utilizing JS Downloader and DLL Sideloading to infect potential victims. The post Festive Facade: Dissecting Multi-Stage Malware in New Year-themed Lure appeared first on Cyble. This article is an excerpt from Cyble View Original Source React

React to this headline:

Loading spinner

Festive Facade: Dissecting Multi-Stage Malware in New Year-themed Lure Read More »

Uncovering The New Java-Based SAW RAT’s Infiltration Strategy via LNK files

Java, Java Runtime Environment, Remote Access Trojan, Saw RAT, trojan /

Uncovering The New Java-Based SAW RAT’s Infiltration Strategy via LNK files 29/11/2023 at 15:02 By cybleinc CRIL analyzes a new Java-based RAT – SAW that infiltrates users’ systems via LNK files. The post Uncovering The New Java-Based SAW RAT’s Infiltration Strategy via LNK files appeared first on Cyble. This article is an excerpt from Cyble

React to this headline:

Loading spinner

Uncovering The New Java-Based SAW RAT’s Infiltration Strategy via LNK files Read More »

New Java-Based Sayler RAT Targets Polish Speaking Users

Adobe Illustrator, Crypter Ransomware, Java, Keylogger, Polish, Remote Access Trojan, Sayler, Threat Intelligence /

New Java-Based Sayler RAT Targets Polish Speaking Users 02/11/2023 at 13:16 By cybleinc Key Takeaways Overview On October 25th, CRIL came across an undetected Java Archive (JAR) file named “Java.jar” on VirusTotal. Upon investigation, it was determined that the JAR file is a new Remote Access Trojan named “Sayler.” Sayler RAT is designed to provide

React to this headline:

Loading spinner

New Java-Based Sayler RAT Targets Polish Speaking Users Read More »

Researchers uncover DarkGate malware’s Vietnamese connection

cybercrime, cybercriminals, Malware, News, Remote Access Trojan, WithSecure /

Researchers uncover DarkGate malware’s Vietnamese connection 20/10/2023 at 14:02 By Help Net Security WithSecure researchers have tracked attacks using DarkGate malware to an active cluster of cybercriminals operating out of Vietnam. DarkGate is a remote access trojan (RAT) that has been used in attacks since at least 2018 and is currently available to cybercriminals as

React to this headline:

Loading spinner

Researchers uncover DarkGate malware’s Vietnamese connection Read More »

RMS Tool’s Sneaky Comeback: Phishing Campaign Mirroring Banned Applications

ExpressVPN, Malware, Remote Access Trojan, Remote Management System, RMS, Skype, TA505, VPN, WeChat /

RMS Tool’s Sneaky Comeback: Phishing Campaign Mirroring Banned Applications 04/10/2023 at 11:02 By cybleinc Key Takeaways Overview Lately, there has been a trend among TAs where they appear to be adapting their tactics to exploit the allure of applications banned in specific regions, potentially making users more susceptible to cyberattacks. These campaigns appear to be

React to this headline:

Loading spinner

RMS Tool’s Sneaky Comeback: Phishing Campaign Mirroring Banned Applications Read More »

Fake Bitwarden installation packages delivered RAT to Windows users

Bitwarden, Don't miss, Hot stuff, Malware, News, Proofpoint, Remote Access Trojan, Windows /

Fake Bitwarden installation packages delivered RAT to Windows users 27/09/2023 at 11:47 By Helga Labus Windows users looking to install the Bitwarden password manager may have inadvertently installed a remote access trojan (RAT). The ZenRAT malware A malicious website spoofing Bitwarden’s legitimate one (located at bitwariden[.]com) has been offering fake installation packages containing the ZenRAT

React to this headline:

Loading spinner

Fake Bitwarden installation packages delivered RAT to Windows users Read More »

Sophisticated SiMay RAT Spreads Via Telegram Phishing Site

Gh0st RAT, Keylogger, phishing, Remote Access Trojan, SiMay, SiMay RAT, Telegram /

Sophisticated SiMay RAT Spreads Via Telegram Phishing Site 09/08/2023 at 22:02 By rohansinhacyblecom   Keylogger and Gh0st RAT Variant deployed to spy on Users   Threat actors (TAs) have been relentlessly employing diverse techniques to propagate malware by leveraging counterfeit websites of renowned applications. Cyble Research and Intelligence Labs (CRIL) reported on a trojanized version

React to this headline:

Loading spinner

Sophisticated SiMay RAT Spreads Via Telegram Phishing Site Read More »

STRRAT’s Latest Version Incorporates Dual Obfuscation Layers

Dual Obfuscation, Remote Access Trojan, STRRAT, STRRAT 1.6, trojan /

STRRAT’s Latest Version Incorporates Dual Obfuscation Layers 09/08/2023 at 22:02 By rohansinhacyblecom   Key Takeaways   • The blog highlights a new infection technique for distributing STRRAT version 1.6. It involves a spam email with a PDF attachment that, when opened, downloads a zip file containing the malicious JavaScript, which drops STRRAT. • STRRAT version

React to this headline:

Loading spinner

STRRAT’s Latest Version Incorporates Dual Obfuscation Layers Read More »

Attackers can turn AWS SSM agents into remote access trojans

AWS, cloud computing, cloud security, Don't miss, enterprise, Hot stuff, Mitiga, News, Remote Access Trojan, research /

Attackers can turn AWS SSM agents into remote access trojans 02/08/2023 at 16:02 By Zeljka Zorz Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and

React to this headline:

Loading spinner

Attackers can turn AWS SSM agents into remote access trojans Read More »

Trojanized Application Preying on TeamViewer Users

Malware, Microsoft, njRAT, Remote Access Trojan, TeamViewer, trojan, Windows /

Trojanized Application Preying on TeamViewer Users 13/07/2023 at 14:32 By cybleinc Cyble Research & Intelligence Labs analyzes a trojanized version of the TeamViewer application and how it distributes njRAT. The post Trojanized Application Preying on TeamViewer Users appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

Trojanized Application Preying on TeamViewer Users Read More »

The Turkish Government Masqueraded Site Distributing Android RAT

Aidat İadesi, Android RAT, cybercriminals, Keylogging, Malware, phishing, Remote Access Trojan, Telegram, Threat Actors, Turkish Government, Virtual Network Computing, VNC /

The Turkish Government Masqueraded Site Distributing Android RAT 10/07/2023 at 17:17 By cybleinc CRIL analyzes the phishing campaign masquerading Turkish Government to distribute Android RAT with VNC and Keylogging feature. The post The Turkish Government Masqueraded Site Distributing Android RAT appeared first on Cyble. This article is an excerpt from Cyble View Original Source React

React to this headline:

Loading spinner

The Turkish Government Masqueraded Site Distributing Android RAT Read More »

Sophisticated DarkWatchMan RAT Spreads Through Phishing Sites

cybercrime, DarkWatchMan, Data leak, fake app, Malware, Mircrosoft, Ransomware, Remote Access Trojan, Task Scheduler, Threat Intelligence, Windows, Windows Registry /

Sophisticated DarkWatchMan RAT Spreads Through Phishing Sites 07/05/2023 at 18:24 By cybleinc Cyble Research & Intelligence Labs analyzes DarkWatchman, a Remote Access Trojan that has been spreading via Phishing sites. The post Sophisticated DarkWatchMan RAT Spreads Through Phishing Sites appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to

React to this headline:

Loading spinner

Sophisticated DarkWatchMan RAT Spreads Through Phishing Sites Read More »

Scroll to Top