Dossier
remote access trojan
Coverage of remote access trojan in the Nexus archive.
LabubaRATtopic1Nvidiaorganization1Blackpoint Cyberorganization1Sam Deckerperson1Nevan Bealperson1Rusttopic1Windowstopic1BTMOBtopic1Androidtopic1phishing payloadstopic1cybercriminalsorganization1APT37organization1ScarCruftorganization1Facebookorganization1RokRATtopic1North Koreaplace1social engineeringtopic1
- LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
Cybersecurity researchers identified a new Rust-based remote access trojan (LabubaRAT) that disguises itself as NVIDIA software to control Windows hosts. The malware creates a reusable foothold for hands-on activity, according to Blackpoint Cyber researchers Sam Decker and Nevan Beal.
- BTMOB Android malware service generates custom phishing payloads
An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures.
- North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
North Korea's hacking group APT37 (ScarCruft) conducted a social engineering campaign via Facebook, using friend requests to deliver RokRAT malware. The multi-stage attack exploited trust-building on the platform to deploy a remote access trojan.