RAT - Cybersec Sentinel

RAT

A collection of 15 posts

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Threat Group – Individuals using the aliases ABOLHB and Rino, operating as the Mason Team / FreeMasonry group and distributing the malware through a freemium Malware‑as‑a‑Service model. Threat Type – Remote Access Trojan with credential theft, ransomware, destructive wipe, and clipboard hijacking plug‑ins. Exploited Vulnerabilities – Social‑engineering of users

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

Threat Group: Unattributed (Historically linked to SideCopy) Threat Type: Remote Access Trojan (Android RAT) Exploited Vulnerabilities: Social Engineering, Compromised WordPress Sites Malware Used: PJobRAT (latest variant with shell command execution) Threat Score: 🔴 High (8.3/10) – Due to persistence, enhanced capabilities, and deception-based delivery Last Threat Observation: October 2024 (per

Emerging Malware StilachiRAT Targets Digital Assets

Emerging Malware StilachiRAT Targets Digital Assets

Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Unknown Malware Used: StilachiRAT Threat Score: 🔴 High (8.4/10) – Due to its comprehensive data theft capabilities, advanced evasion techniques, and specific targeting of cryptocurrency assets. Last Threat Observation: March 20, 2025 Overview StilachiRAT is a newly discovered Remote Access Trojan (RAT)

Desert Dexter Campaign Exploits AsyncRAT for Cyberattacks

Desert Dexter Campaign Exploits AsyncRAT for Cyberattacks

Threat Group: Desert Dexter Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social Engineering, Software Vulnerabilities (WinRAR) Malware Used: AsyncRAT (Modified Version) Threat Score: High (9.0/10) – Advanced evasion techniques, broad industry targeting, offline keylogging, and sophisticated persistence. Last Threat Observation: March 8, 2025 Overview The Desert Dexter campaign,

Dark Caracal Deploying Poco RAT in Latin America

Dark Caracal Deploying Poco RAT in Latin America

Threat Group: Dark Caracal Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social engineering via phishing emails Malware Used: Poco RAT Threat Score: High (8.5/10) – Due to its focus on critical infrastructure, advanced evasion techniques, and targeted regional attacks. Last Threat Observation: March 6, 2025 Overview Poco RAT

FatalRAT Phishing Attacks Targeting APAC Industrial Sectors

FatalRAT Phishing Attacks Targeting APAC Industrial Sectors

Threat Group: Unattributed Chinese-speaking Threat Actors Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: No specific software vulnerabilities exploited; relies on social engineering and phishing techniques Malware Used: FatalRAT Threat Score: High (8.5/10) – Due to its sophisticated multi-stage infection chain, targeting of critical industrial sectors, and advanced evasion

SystemBC RAT Poses New Risks to Linux System

SystemBC RAT Poses New Risks to Linux System

Threat Group: Various Cybercriminal Groups Threat Type: Remote Access Trojan (RAT) and Proxy Malware Exploited Vulnerabilities: No specific vulnerabilities exploited; relies on various propagation methods Malware Used: SystemBC (also known as Coroxy or DroxiDat) Threat Score: High (8.5/10) – Due to its cross-platform targeting capabilities, advanced evasion techniques, and

Advanced Evasion Techniques Used by NonEuclid RAT

Advanced Evasion Techniques Used by NonEuclid RAT

Threat Group: Developer unknown, promoted by underground forums and individual actors Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege escalation, outdated security patches, and social engineering Malware Used: NonEuclid RAT Threat Score: High (9.0/10) – Advanced persistence, ransomware capabilities, and widespread appeal within cybercrime circles Last Threat Observation:

Iranian Hackers Deploy WezRat in Targeted Phishing Campaigns

Iranian Hackers Deploy WezRat in Targeted Phishing Campaigns

Threat Group: - Emennet Pasargad (Cotton Sandstorm) Threat Type: - Remote Access Trojan (RAT) / Infostealer Exploited Vulnerabilities: - Social engineering through phishing campaigns Malware Used: - WezRat Threat Score: - High (8.5/10) — Due to its modular design, advanced espionage capabilities, and targeted nature. Last Threat Observation: - November

Remcos RAT Malware Campaign Poses Persistent Threat to Windows Users

Remcos RAT Malware Campaign Poses Persistent Threat to Windows Users

Cybersec Sentinel November 9, 2024 Threat Group: Various Cybercriminal Entities Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Phishing emails, CVE-2017-0199, multi-layer obfuscation Malware Used: Remcos RAT Threat Score: Medium Last Threat Observation: November 9, 2024 Overview Remcos RAT, a commercial RAT initially marketed as a legitimate tool for remote