-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Search results for Top rat | Breaking Cybersecurity News | The Hacker News

3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox

3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox

Jan 27, 2023 Malware Analyzing
Orcus  is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. ANY.RUN’s top malware types in 2022 That's why you'll definitely come across this type in your practice, and the Orcus family specifically. To simplify your analysis, we have collected 3 lifehacks you should take advantage of. Here we go. What is Orcus RAT?  Definition . Orcus RAT is a type of malicious software program that enables remote access and control of computers and networks. It is a type of Remote Access Trojan (RAT) that has been used by attackers to gain access to and control computers and networks. Capabilities . Once downloaded onto a computer or network, it begins to execute its malicious code, allowing the attacker to gain access and control. It is capable of stealing data, conducti...
Meet Borat RAT, a New Unique Triple Threat

Meet Borat RAT, a New Unique Triple Threat

Aug 22, 2022
Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the  comic creation of Sacha Baron Cohen ? RAT malware typically helps cybercriminals gain complete control of a victim's system, permitting them to access network resources, files, and power to toggle the mouse and keyboard. Borat RAT malware goes beyond the standard features and enables threat actors to deploy ransomware and  DDoS attacks . It also increases the number of threat actors who can launch attacks, sometimes appealing to the lowest common denominator. The added functionality of carrying out DDoS attacks makes it insidious and a risk to today's digital organizations. Ransomware has been the most common top attack type for over  three years . According to an IBM report, REvil was the most common ransomware strain, consisting of about  37%  of all ransomware attacks. Borat ...
Hackers Are Distributing Backdoored 'Cobian RAT' Hacking tool For Free

Hackers Are Distributing Backdoored 'Cobian RAT' Hacking tool For Free

Sep 06, 2017
Nothing is free in this world. If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a hoax. Last year, we reported about one such Facebook hacking tool that actually had the capability to hack a Facebook account, but yours and not the one you desire to hack. Now, a Remote Access Trojan (RAT) builder kit that was recently spotted on multiple underground hacking forums for free found containing a backdoored module that aims to provide the kit's authors access to all of the victim's data. Dubbed Cobian RAT , the malware has been in circulation since February of this year and has some similarities with the njRAT and H-Worm family of malware, which has been around since at least 2013. According to ThreatLabZ researchers from Zscaler, who discovered the backdoored nature of the malware kit, the "free malware builder" is likely capable of...
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Now available on-demand.
New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries

New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries

Jul 14, 2025 Malware / Web Security
Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. "Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters," The DFIR Report said in a technical analysis published today in collaboration with Proofpoint. "The campaign begins with compromised websites injected with a single-line script hidden in the page's HTML, often unbeknownst to site owners or visitors." The JavaScript code acts as a traffic distribution system (TDS), using IP filtering techniques to redirect users to fake CAPTCHA verification pages that leverage ClickFix to entice them into running a PowerShell script that leads to the deployment of NodeSnake (aka Interlock RAT or Supper ). The use of NodeSnake by Interlock was previously documented by Qu...
Gigabud RAT Android Banking Malware Targets Institutions Across Countries

Gigabud RAT Android Banking Malware Targets Institutions Across Countries

Aug 15, 2023 Mobile Security / Financial Risk
Account holders of over numerous financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru are being targeted by an Android banking malware called  Gigabud RAT . "One of Gigabud RAT's unique features is that it doesn't execute any malicious actions until the user is authorized into the malicious application by a fraudster, [...] which makes it harder to detect," Group-IB researchers Pavel Naumov and Artem Grischenko  said . "Instead of using HTML overlay attacks, Gigabud RAT gathers sensitive information primarily through screen recording." Gigabud RAT was  first documented  by Cyble in January 2023 after it was spotted impersonating bank and government apps to siphon sensitive data. It's known to be active in the wild since at least July 2022. The Singapore-based company said it also identified a second variant of the malware minus the RAT capabilities. Dubbed Gigabud.Loan, it comes under the guise of a loan application that...
Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group

Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group

Sep 08, 2021
Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebook profiles that claimed to offer tech and pro-Kurd content — two aimed at Android users while the other four appeared to provide news for the Kurdish supporters — only to share links to spying apps on public Facebook groups. All the six profiles have since been taken down. "It targeted the Kurdish ethnic group through at least 28 malicious Facebook posts that would lead potential victims to download Android 888 RAT or SpyNote," ESET researcher Lukas Stefanko  said . "Most of the malicious Facebook posts led to downloads of the commercial, multi-platform 888 RAT, which has been available on the black market since 2018." The Slovakian cybersecurity firm attributed the at...
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

Apr 25, 2024 Malware / Cyber Threat
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT as part of attacks targeting specific individuals in the Asia region in summer 2023. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino Camastra  said  in a report published last week. The RAT acts as a pathway to deliver the FudModule rootkit, which has been recently observed leveraging a now-patched  admin-to-kernel exploit  in the appid.sys driver (CVE-2024-21338, CVSS score: 7.8) to obtain a kernel read/write primitive and ultimately disable security mechanisms. The Lazarus Group's use of job offer lures to infiltrate targets is not new. Dubbed Operation Dream Job, the  long-running campaign ...
DarkComet-RAT v4.0 Fix1 Released - Fully Cryptable

DarkComet-RAT v4.0 Fix1 Released - Fully Cryptable

Aug 21, 2011
DarkComet-RAT v4.0 Fix1 Released - Fully Cryptable DarkComet-RAT v4.0 Change log - DarkComet-RAT is now compiled on Delphi XE instead of Delphi 2010. - Synthax highlighter added in remote keylogger. - Multithreading is now more efficient, no more freezing, using a new powerfull and stable methode (still using pure Win32 API both side for it) - Get hard drive information added in file manager - Bot logs in main form had change, it is more efficient / fast and user friendly - Whole system parser is now far stable and faster - No-IP was moded and is now better ;) - All global settings were redisigned in a new form that will contain all necessary stuff for Client side - Flags manager has been ported to the main client settings form - Now you can change the default size Width and Height of the users thumbnails - No more menu in the top of the SIN (Main Window - Users list...) so it is more clear - The [+] button is one of the way to add a new port to listen else go to Socket/...
Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

Jun 03, 2024 Malware / Cyber Attack
The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks," the AhnLab Security Intelligence Center (ASEC) said in a report published last week. "The threat actor probably used these malware strains to control and steal data from the infected systems." The attacks are characterized by the use of a vulnerable Apache Tomcat server to distribute the malware, the South Korean cybersecurity firm added, noting the system in question ran the 2013 version of Apache Tomcat, making it susceptible to several vulnerabilities. Andariel, also known by the names Nickel Hyatt, Onyx Sleet, and Silent Chollima, is an advanced persistent threat (APT) group that operates on behalf of North Korea's strategic...
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Aug 27, 2024 Cyber Espionage / Malware
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT . The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers' server," Kaspersky researcher Sergey Puzan said . HZ RAT was first documented by German cybersecurity company DCSO in November 2022, with the malware distributed via self-extracting zip archives or malicious RTF documents presumably built using the Royal Road RTF weaponizer . The attack chains involving RTF documents are engineered to deploy the Windows version of the malware that's executed on the compromised host by exploiting a years-old Microsoft Office flaw in the Equation Editor ( CVE-2017-11882 ). The second distribution method, on the other hand, masquerades as an installer for legitimate software such as OpenVPN, PuTTYgen, or E...
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Apr 30, 2026 Threat Intelligence / Enterprise Security
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO) poisoning , a dual-stage GitHub distribution architecture , and decentralized blockchain-based command-and-control (C2) resolving, Threat Actors have established a highly resilient delivery and persistence mechanism. Creative Distribution via GitHub Facades The campaign utilizes a multi-layered delivery chain designed to evade platform-level takedowns and maintain a high search engine ranking. The attack begins with SEO poisoning on various search engines, including Bing, Yahoo, DuckDuckGo, and Yandex. That ensures that malicious results for niche IT terms rank at the top of search ...
Expert Insights Articles Videos
Cybersecurity Resources