70 matches found
MAL-2026-1091 Malicious code in myproject-bola (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...
How fake party invitations are being used to install remote access tools
“You’re invited!” It sounds friendly, familiar and quite harmless. But in a scam we recently spotted, that simple phrase is being used to trick victims into installing a full remote access tool on their Windows computers—giving attackers complete control of the system. What appears to be a casual...
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed with stealth in...
Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and...
EvilOSX
This is an evil RAT (Remote Administration Tool) for macOS / OS X. It is a Python-based tool that allows for remote access and control of a compromised system. The tool is designed to be undetectable by anti-virus software and is persistent, meaning it will survive a reboot. The tool has a modular...
MAL-2025-191883 Malicious code in svcmanager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 062d589e7c49394864a13694f3de2a89589fd2f5e6a4d2e43e35ce136b6e7e9c Package attempts to download an executable and install it as a privileged service. The executable seems to be modified remote access tool --- Category: MALICIO...
Fake Social Security Statement emails trick users into installing remote tool
Fake emails pretending to come from the US Social Security Administration (SSA) try to get targets to install ScreenConnect, a remote access tool. This campaign was flagged and investigated by the Malwarebytes Customer Support and Research teams. ScreenConnect, formerly known as ConnectWise Control...
MAL-2025-2597 Malicious code in blackspammerbd1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron b15da26ba7f4131e44fe665d836a9cd11bec3dc1701c7c35005e468a294cd4a0 This package appears to function as a remote access tool, potentially enabling unauthorized access and facilitating data exfiltration. It seems t...
Advisory ROSA-SA-2025-2584
software: xrdp 0.10.1 OS: ROSA-CHROME packageevrstring: xrdp-0.10.1-2 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts governed ...
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
In this blog entry, we discuss a social engineering attack that tricked the victim into installing a remote access tool, triggering DarkGate malware activities and an attempted C&C connection...
The vulnerability of the authentication mechanism of the XRDP remote access tool, which allows an intruder to gain unauthorized access
The vulnerability of the XRDP remote access authentication mechanism is related to deficiencies in the retry limit for authentication attempts, which is controlled by the MaxLoginRetry parameter set in the configuration file /etc/xrdp/sesman.ini. Exploiting this vulnerability allows a malicious...
LodaRAT: Established Malware, New Victim Patterns
Executive Summary: Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave. LodaRAT, first observed in 2016, is a remote access tool (RAT) written in AutoIt. Development of...
Unwrapping the emerging Interlock ransomware attack
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Our analysis uncovered that the attacker used multiple components in the delivery chain including a Remote Access Tool (RAT)...
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries
A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive...
AllaKore RAT’s Grip Tightens on Mexican Financial Institutions
Summary: A threat actor has been targeting Mexican banks and cryptocurrency trading since at least 2021. Using custom installers, the actor distributes a modified version of the AllaKore RAT, an open-source remote access tool. The campaign cleverly mimics the Mexican Social Security Institute IMS...
Ivanti Connect Secure Security Vulnerability
Ivanti Connect Secure is a secure remote network connection tool from Ivanti Corporation, USA. A security vulnerability exists in versions prior to Ivanti Connect Secure 22.6R2 that stems from the presence of a Denial of Service (DoS) vulnerability...
Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service
A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and...
Android Users Beware: New Hook Malware with RAT Capabilities Emerges
The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News,...
The vulnerability of the remote access tool for VMware Workspace ONE Assist exists due to the lack of security measures taken to protect the website structure. This allows attackers to carry out XSS attacks.
The vulnerability of the remote access tool for VMware Workspace ONE Assist exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...