NodeCordRAT: The Malicious NPM Packages Stealing Crypto via Discord
Key Findings: Researchers from Zscaler ThreatLabz discovered three malicious npm packages that deliver a new Remote Access Trojan (RAT) called NodeCordRAT. The packages - bitcoin-main-lib, bitcoin-lib-js, and bip40 - were designed to mimic legitimate tools from the bitcoinjs project, tricking developers into installing them. NodeCordRAT uses Discord as a command-and-control (C2) channel, blending its malicious traffic with legitimate user activity to evade detection. The malwa
Jan 9 | 3 min read
PyStoreRAT Malware Spreading Across GitHub
Key Findings: A new campaign is leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. The malicious repositories, often themed as development utilities or OSINT tools, contain code responsible for silently downloading and executing a remote HTA file. PyStoreRAT is a modular, multi-stage implant that can execute various payloads, including an information stealer known as Rhadamanthys.
Dec 12, 2025 | 2 min read
CISA Warns of Spyware Targeting Signal and WhatsApp Users
Key Findings: CISA has issued an alert warning of threat actors actively using commercial spyware and remote access trojans (RATs) to target users of mobile messaging apps like Signal and WhatsApp. The attackers employ sophisticated social engineering and targeting techniques to deliver spyware and gain unauthorized access to victims' messaging apps, enabling further device compromise. The targeting appears opportunistic but often focuses on high-value individuals such as gove
Nov 25, 2025 | 2 min read

