Security news aggregator

Latest coverage for Remote Access Trojan

Coverage of remote access trojans examines malware controlling compromised devices, including incidents, analysis, infrastructure, disruption, and defenses.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A remote access trojan (RAT) is malware that gives an unauthorized operator remote control over an infected device. Depending on its design, it may execute commands, browse or copy files, log keystrokes, capture screens, or use a microphone or camera. RATs commonly communicate with attacker-controlled command-and-control infrastructure; capabilities and persistence vary, so reporting should identify the specific family or tool rather than assume every RAT has the same functions.

The main concerns are covert access, exposure of sensitive data, and use of the host to deploy additional malware or alter systems. Defenders should monitor endpoint processes and network behavior, restrict unnecessary outbound connections, keep software patched, and use endpoint controls that can detect unusual remote-control activity. If a RAT is suspected, isolate the device, preserve relevant logs and malware samples, investigate related accounts and hosts, and rotate credentials after containment; blocking one server alone may not remove persistence.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 24 Filtered view
Bank Info Security 1 month, 3 weeks ago

Glassworm Group: Software Supply-Chain Attackers Disrupted

Suspected Russian Crime Group Built Resilient Command-and-Control InfrastructureIn a joint operation, CrowdStrike, Google and Shadowserver Foundation disrupted infrastructure used by the Glassworm cybercrime group, cutting off attackers from victims. The group has wielded a remote access Trojan to repeatedly target developers of widely used open-source software.

Bank Info Security 3 months, 2 weeks ago

Backdooring of JavaScript Library Axios Tied to North Korea

Expect Fallout After Remote Access Trojan Added to Popular JavaScript NPM PackageA supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software packages, to distribute a cross-platform, remote access Trojan. Identifying the full fallout from the attack could take some time, experts warned.

'Cyber Android RAT' Can Capture WhatsApp History, Crypto Seed PhrasesCybercriminals are advertising on criminal hacking online boards an Android remote access Trojan that can steal victims' WhatsApp conversation history, surveil them in real time and extract cryptocurrency seed phrases for the low price of about $500 a month.

Bank Info Security 5 months, 2 weeks ago

Breach Roundup: Android RAT Hides Behind Hugging Face

Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads GuiltyThis week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach.

Bank Info Security 8 months ago

Operation Endgame Disrupts More Malware

Rhadamanthys, VenomRAT and Elysium Targeted in OperationA multinational law enforcement operation resulted in the arrest of a remote access Trojan operator and the seizure of over 1,000 info stealer and botnet servers. Authorities took down 1,025 servers associated with the Rhadamanthys infostealer, the Venom RAT and a botnet dubbed Elysium.

Bank Info Security 9 months, 3 weeks ago

North Korea Fake Job Recruiters Up Their Backdoor Game

Eset: Lazarus Group Shares Backdoor With Newer Pyongyang Threat ActorA gang of North Korean hackers behind fake IT job recruitment scams now have access to a remote access Trojan favored by their more technically advanced counterparts tracked collectively as the Lazarus Group, say security researchers.

Bank Info Security 9 months, 3 weeks ago

Chinese Hackers Deploy New PlugX Variant

Sophisticated Cyberespionage Campaign Targets Asian Telecom, Manufacturing SectorsA remote access Trojan that's a staple of Chinese nation-state hacking is part of an ongoing campaign targeting telecom and manufacturing sectors in Central and South Asian countries. The threat actor, tracked as Naikon, apparently has access to a new variant of PlugX malware.

Also, Spain Arrests Hacker Behind Leaks Targeting Politicians and JournalistsThis week, Chinese sites mimicked brands, Spain arrested data leak hackers, Swiss health nonprofit ransomware attack, ICC probed a cyberattack, UNFI restored systems, a flaw in smart tractors, RomCom RAT. A U.K. man sentenced for locking employer out of network. A WordPress hack installs a Trojan.

Bank Info Security 1 year, 2 months ago

Fileless PowerShell Loader Deploys Remcos RAT

Attack Chain Uses LNK Files, MSHTA and Memory InjectionPowerShell is becoming hackers' new favorite tool since they can load code directly into computer memory and evade traditional file-based detection methods, warn security researchers. A combination of LNK-MSHTA-PowerShell offers a stealthy and effective path to execution.

Bank Info Security 1 year, 3 months ago

Chinese Hackers Deploy Stealthy Fileless VShell RAT

Malware Hides in Memory, Evades Detection by Endpoint ToolsA Chinese state-backed hacking group tracked as UNC5174 relaunched its operations after a year of silence with a campaign using a memory-only remote access Trojan that evades traditional detection mechanisms, according to new research from cybersecurity firm Sysdig.

Bank Info Security 1 year, 3 months ago

Cryptohack Roundup: $6.1M Wemix Theft

Also: OKX Temporarily Suspends Services to Prevent Funds LaunderingThis week, $6.1M Wemix theft, OKX suspended services, Vermont dropped Coinbase case, new RAT-targeted crypto wallet extensions, TJ Stone got prison time, Nebraska's new crypto ATM rule, Trezor disclosed a potential bug and British prosecutors charged a former police officer for 50 Bitcoin theft.

Bank Info Security 1 year, 4 months ago

Breach Roundup: US Sanctions Iran-Based Nemesis Admin

Also, BianLian Ransomware Hackers Aren't Really Mailing YouThis week, the U.S. sanctioned the Nemesis admin, Poco RAT spotted in Latin America, Apple challenged a British order to weaken encryption and the FBI warned against scam letters purportedly from BianLian. Also, a Nigerian tax scammer extradited to the U.S., a new botnet and a Webex vulnerability.

Bank Info Security 1 year, 5 months ago

Breach Roundup: DeepSeek Leaked Sensitive Data

Also: Infostealer Malware Compromises Mexican Government ComputersThis week, DeepSeek exposed sensitive data, hackers exploited unpatched Zyxel flaws, infostealer malware on Mexican government computers, Smiths Group incident, PowerSchool breach notifications, an Apple zero-day, XWorm RAT backdoor, and Credit Control Corporation settled a lawsuit.

Also: German Prosecutors Charge Three Alleged Russian SaboteursThis week, MetLife denied a RansomHub cyberattack claim, RI Health System cyberattack update, npm package deployed Quasar RAT, Germany charges three with espionage for Russia, North Korea’s contagious interview campaign deployed new malware.

Bank Info Security 1 year, 7 months ago

'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims

Russian Threat Actor Delivers NetSupport RAT, BurnsRAT via Fake RequestsA malware campaign targeting Russian retailers and service businesses aims to deploy remote access tools and install infostealer malware. Kaspersky dubbed the campaign "Horns&Hooves," after a fake organization set up by fraudsters in the 1931 Soviet satirical novel "The Little Golden Calf."

Bitdefender Exposes Unfading Sea Haze's Advanced Cyberespionage TacticsA previously undetected, suspected Chinese-state threat actor has been targeting governments in the South China Sea for years with a remote access Trojan that has been a favorite of Chinese hackers since its creation almost two decades ago, say security researchers from Bitdefender.

Bank Info Security 2 years, 2 months ago

Hackers Target US AI Experts With Customized RAT

Hackers Sought Specific Generative AI Software at Leading US Firm: ProofpointA possible Chinese threat actor is using a variant of the Gh0st RAT malware to steal information from artificial intelligence experts in U.S. companies, federal agencies and academia. On the criminal group's target list was a "leading U.S.-based AI organization."

Bank Info Security 2 years, 4 months ago

Hackers Hiding Keylogger, RAT Malware in SVG Image Files

New Campaign Evades Security Tools to Deliver Agent Tesla Keylogger and XWorm RATThreat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.

Loading more headlines...