Tag: Remote Access Trojan
-

The Script Editor Trap: New macOS “Reaper” Malware Bypasses Terminal Defenses to Steal Keychains
A novel exploitation technique has surfaced on macOS, designed to deceive users via a counterfeit “security update.” The malicious payload, designated as Reaper—an advanced iteration of the SHub information stealer—no longer relies on social engineering to coerce victims into pasting commands into the Terminal. Instead, it seamlessly launches Apple’s native Script Editor, pre-loaded with weaponized…
-

The Administrator’s Shadow: How Hackers Turned a Popular GitHub Utility into an Invisible C2 Backdoor
Adversaries no longer find it requisite to engineer sophisticated malware from its inception. Frequently, the appropriation of a pre-existing utility from GitHub, utilized in its native state, suffices. This paradigm was vividly illustrated in mid-April during an incursion where Huntress specialists identified the inaugural exploitation of the Komari project. On April 16, 2026, an assailant…
-

Ninety Seconds to Compromise: The Viral Hijack of the Axios NPM Package
The ubiquitous axios library, an indispensable cornerstone of contemporary web development, has abruptly found itself at the epicenter of a profound cyber siege. Malefactors surreptitiously wove venomous code directly into the official iterations of the package, prompting developers across the globe to unwittingly download the contaminated updates, blissfully ignorant of the lurking peril. This tribulation…
-

The Bot Numerology: How “stager_51_bot” Unmasked MuddyWater’s Global LampoRAT Campaign
Occasionally, a malicious campaign is betrayed not by labyrinthine code, but by a minuscule detail. Within the nascent machinations of the MuddyWater syndicate, this revealing fragment manifested as the nomenclature of their Telegram bots. The vanguard at Synaptic meticulously dissected a specimen of the LampoRAT malware, an architecture chronicled in prior epochs. This contagion functions…
-

The Gaddafi Lure: How a “Leaked Video” Led to the Clandestine Hijacking of Libya’s Oil Giant
The kinetic strike commenced with a sensational headline heralding a “leaked video” and culminated in clandestine dominion over the networks of a sovereign petroleum enterprise. Over the span of several months, the digital marauders imperceptibly entrenched themselves within a multitude of Libyan institutions simultaneously, encompassing a prominent oil refinery. This relentless series of bombardments endured…
-

“Oblivion” Malware Hijacks Android 15 with Unprecedented Stealth
An advertisement hawking Oblivion, a novel Remote Access Trojan (RAT) designed explicitly for Android ecosystems, has materialized on a publicly accessible hacker forum. Researchers at Certo have meticulously dissected the publication, its accompanying web panel, and a video demonstration illustrating the instrument’s operational capabilities. Judged by its description and the promotional footage, Oblivion is meticulously…
-

Total System Eclipse: “Oblivion” Malware Hijacks Android 16 with Unprecedented Stealth
A novel tool for the remote exploitation of Android devices has surfaced on clandestine forums, already earning the moniker of the most formidable threat in recent years. This malicious software, christened Oblivion, is vended on a subscription basis. According to cybersecurity experts at Certo, it possesses a chilling efficacy in circumventing the defensive architectures of…
-

The “Async” Surge: January 2026 Telemetry Reveals a Global Explosion in AsyncRAT Command Nodes
A pronounced escalation in the activity of infrastructure tethered to the AsyncRAT remote access trojan has been meticulously documented across the global network. Analysis of pervasive telemetry reveals that the command-and-control (C2) servers of this lineage are being deployed en masse across accessible hosting environments, remaining a quintessential instrument for orchestrated incursions and data exfiltration…
-

The Lotus Trap: Mustang Panda Targets US Government via LOTUSLITE Malware
A sophisticated cyber espionage offensive, meticulously orchestrated against United States governmental entities, has been unearthed by the Acronis Threat Research Unit. The adversarial operation leveraged a ZIP archive containing a deceptive executable and a clandestine library. Upon extraction, the archive triggered a DLL sideloading maneuver, facilitating the deployment of a primary remote access trojan identified…
-

Malware in Subtitles: Scammers Use Leonardo DiCaprio’s “One Battle After Another” to Spread Agent Tesla
One of the year’s most anticipated films starring Leonardo DiCaprio, One Battle After Another, has yet to reach official online distribution, yet it has already become a lure for malware. Ahead of its release on HBO Max, scheduled for December 19, torrent files have begun circulating online that do not contain the film at all, but…
-

Next-Gen Malware: EtherRAT Uses Ethereum Smart Contract for Stealth C2
The emergence of a new malicious tool within the React2Shell attack chain has become a notable development amid the surge of compromises that followed the disclosure of CVE-2025-55182. This time, the activity goes far beyond the previously observed attempts to deploy cryptominers or rudimentary data stealers. The Sysdig Threat Research Team has identified an unusual…
-

Fileless Evasion: Multi-Stage Campaign Deploys NetSupport RAT via Obfuscated HTA
Researchers at Securonix have uncovered a multi-layered malware campaign designed to surreptitiously deploy the NetSupport RAT remote access tool. The attack unfolds through a series of carefully obfuscated stages, each engineered for maximum stealth and minimal forensic footprint on the compromised system. The initial delivery begins with a JavaScript file embedded in compromised websites. This…
-

Albiriox: New Android MaaS Uses VNC for Covert Remote Bank Fraud
Against the backdrop of a surge in schemes involving the remote manipulation of infected devices, a new tool for attacking Android has emerged on the cybercrime market. Threat-analysis firms report the appearance of several Malware-as-a-Service (MaaS) offerings that allow attackers to covertly control smartphones, execute operations within banking applications, and circumvent security mechanisms with alarming…