Arch Linux pulls AUR packages that installed Chaos RAT malware
Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices. [...]
Coverage of remote access trojans examines malware controlling compromised devices, including incidents, analysis, infrastructure, disruption, and defenses.
Search across headline titles and summaries.
Background for this topic.
A remote access trojan (RAT) is malware that gives an unauthorized operator remote control over an infected device. Depending on its design, it may execute commands, browse or copy files, log keystrokes, capture screens, or use a microphone or camera. RATs commonly communicate with attacker-controlled command-and-control infrastructure; capabilities and persistence vary, so reporting should identify the specific family or tool rather than assume every RAT has the same functions.
The main concerns are covert access, exposure of sensitive data, and use of the host to deploy additional malware or alter systems. Defenders should monitor endpoint processes and network behavior, restrict unnecessary outbound connections, keep software patched, and use endpoint controls that can detect unusual remote-control activity. If a RAT is suspected, isolate the device, preserve relevant logs and malware samples, investigate related accounts and hosts, and rotate credentials after containment; blocking one server alone may not remove persistence.
Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices. [...]
Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants
A cyber-threat campaign is using legitimate websites to inject victims with remote access Trojans belonging to the Interlock ransomware group, in order to gain control of devices.
Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems. [...]
Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix
Interlock ransomware continues to develop custom tooling and a new RAT has been detected by researchers