Telegram-Based Millenium RAT Campaign Infects 60,000 Devices
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries
Coverage of remote access trojans examines malware controlling compromised devices, including incidents, analysis, infrastructure, disruption, and defenses.
Search across headline titles and summaries.
Background for this topic.
A remote access trojan (RAT) is malware that gives an unauthorized operator remote control over an infected device. Depending on its design, it may execute commands, browse or copy files, log keystrokes, capture screens, or use a microphone or camera. RATs commonly communicate with attacker-controlled command-and-control infrastructure; capabilities and persistence vary, so reporting should identify the specific family or tool rather than assume every RAT has the same functions.
The main concerns are covert access, exposure of sensitive data, and use of the host to deploy additional malware or alter systems. Defenders should monitor endpoint processes and network behavior, restrict unnecessary outbound connections, keep software patched, and use endpoint controls that can detect unusual remote-control activity. If a RAT is suspected, isolate the device, preserve relevant logs and malware samples, investigate related accounts and hosts, and rotate credentials after containment; blocking one server alone may not remove persistence.
Weekly headline count for the current query.
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures
Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs
Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn
Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service
New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows
Bitdefender has discovered a new Android malware campaign that uses Hugging Face
SHADOW#REACTOR is a multi-stage Windows malware campaign that stealthily deploys the Remcos RAT using complex infection techniques
Atroposia is a newly discovered modular RAT that uses encrypted channels and advanced theft capabilities to target credentials and crypto wallets
A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT
New Android RAT Klopatra is targeting financial institutions using advanced evasion techniques
A sophisticated fileless malware campaign has been observed using legitimate tools to deliver AsyncRAT executed in memory
An incident involving the npm package eslint-config-prettier has been uncovered spreading Scavenger RAT
Interlock ransomware continues to develop custom tooling and a new RAT has been detected by researchers
Python RAT PylangGhost, linked to Famous Chollima, targeted crypto professionals via fake job sites
Malware campaign used fake DocuSign pages to deploy NetSupport RAT through clipboard manipulation
Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques