GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine – Source:hackread.com https://ciso2ciso.com/github-abused-to-spread-amadey-lumma-and-redline-infostealers-in-ukraine-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttacks #CyberAttack #SmokeLoader #Emmenhtal #AsyncRAT #Hackread #security #malware #Redline #Ukraine #Amadey #GitHub #Python #Lumma

GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine https://hackread.com/github-abused-amadey-lumma-redline-infostealers-ukraine/ #Cybersecurity #CyberAttacks #CyberAttack #SmokeLoader #Emmenhtal #Security #AsyncRAT #Malware #Redline #Ukraine #Amadey #GitHub #Python #Lumma

Unmasking AsyncRAT: Navigating the labyrinth of forks

AsyncRAT, an open-source remote access trojan, has spawned numerous forks since its 2019 release, becoming a cornerstone of modern malware. This analysis maps out the relationships among AsyncRAT variants, focusing on prominent forks like DcRat and VenomRAT, as well as lesser-known versions. The research explores the evolution of these forks, their unique features, and the methods used to identify them. It also delves into exotic variants with specialized plugins, such as NonEuclid RAT's jump scare and malware spreader functionalities. The proliferation of AsyncRAT forks highlights the risks associated with open-source malware frameworks and the need for proactive detection strategies.

Pulse ID: 687758ff039275831fbcb386
Pulse Link: https://otx.alienvault.com/pulse/687758ff039275831fbcb386
Pulse Author: AlienVault
Created: 2025-07-16 07:47:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Nikola Knežević created an overview of AsyncRAT forks and how they relate to each other. Great research.

#AsyncRAT #QuasarRAT
https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/

AsyncRAT Spawns Concerning Labyrinth of Forks – Source: www.darkreading.com https://ciso2ciso.com/asyncrat-spawns-concerning-labyrinth-of-forks-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #DARKReading #AsyncRAT

New AsyncRAT Variants Use Screamer Tool and USB Malware Spreader

Cybersecurity researchers have discovered two variants of AsyncRAT, that extend its capabilities by adding psychological warfare and enhanced propagation features.

Pulse ID: 6876e73a98de0aff01a723b2
Pulse Link: https://otx.alienvault.com/pulse/6876e73a98de0aff01a723b2
Pulse Author: cryptocti
Created: 2025-07-15 23:41:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

AsyncRAT’s Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe – Source:thehackernews.com https://ciso2ciso.com/asyncrats-open-source-code-sparks-surge-in-dangerous-malware-variants-across-the-globe-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #AsyncRAT's

Cybersecurity’s buzzing with news of AsyncRAT malware variants like DCRat and Venom RAT causing chaos. These bad boys are stealing webcam footage and dodging antivirus like pros. Stay safe out there!
#Cybersecurity #AsyncRAT #Malware #TechNews #StaySafe

Unmasking AsyncRAT: Navigating the labyrinth of forks
#AsyncRAT #DCRat #VenomRAT #BoratRAT #NonEuclidRAT #JasonRAT #XieBroRAT
https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/

#ESETresearch has mapped the labyrinth of #AsyncRAT forks, identifying the most prevalent versions of this open-source malware. While some variants are mere curiosities, others pose a more tenacious threat. https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/
AsyncRAT comes with the typical RAT functionalities, including keylogging, screen capturing, and credential theft. Other threat actors have developed a multitude of variants based on its source code.
Our analysis revealed the most widely used and deployed forks of AsyncRAT, with the most prevalent among them being #DcRat.
Although DcRat holds a smaller share compared to AsyncRAT, it offers notable improvements. These include advanced evasion techniques, and the use of an open-source library for more efficient binary data serialization.
AsyncRAT forks often include prank-style plugins, such as for opening and closing the CD tray and turning off the monitor. Spoof versions dubbed SantaRAT and BoratRAT have also emerged – mostly intended as jokes.
AsyncRAT and its variants demonstrate how quickly and creatively threat actors can adapt open-source code – especially with the assistance of #LLMs. This underscores the importance of proactive detection and effective analysis of emerging threats.
IoCs available on our GitHub: https://github.com/eset/malware-ioc/tree/master/

"북한 APT 그룹 공격 사례 분석" published by ENKI. #AsyncRAT, #LNK, #Slides, #Kimsuky, #Konni, #Lazarus, #DPRK, #CTI https://github.com/codeengn/codeengn-conference/blob/master/21/2025%20CodeEngn%20Conference%2021%2C%20%EB%B6%81%ED%95%9C%20APT%20%EA%B7%B8%EB%A3%B9%20%EA%B3%B5%EA%B2%A9%20%EC%82%AC%EB%A1%80%20%EB%B6%84%EC%84%9D%20%5B%EC%B2%9C%ED%98%B8%EC%A7%84%5D.pdf

133 backdoored #GitHub repos uncovered—67 from “Banana Squad” alone—masquerading as Python tools, game cheats & crypto apps.

Payloads include #AsyncRAT, Lumma, and Remcos—spread via GitHub, YouTube, and Discord.

Dev tools are the new delivery vector. #CyberSecurity https://thehackernews.com/2025/06/67-trojanized-github-repositories-found.html

@cR0w #xworm #asyncrat

The strange tale of ischhfd83: When cybercriminals eat their own – Source: news.sophos.com https://ciso2ciso.com/the-strange-tale-of-ischhfd83-when-cybercriminals-eat-their-own-source-news-sophos-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #cybercrimeforums #ThreatResearch #nakedsecurity #nakedsecurity #lummastealer #SophosXOps #AsyncRAT #backdoor #FEATURED #asyncrat #Backdoor #featured

Victims risk AsyncRAT infection after being redirected to fake Booking.com sites https://www.malwarebytes.com/blog/news/2025/06/victims-risk-asyncrat-infection-after-being-redirected-to-fake-booking-sites #AsyncRAT #booking #CAPTCHA #Scams #News

Top 10 last week's threats by uploads
#Lumma 753 (524)
#Remcos 556 (130)
#Xworm 427 (163)
#Asyncrat 349 (165)
#Snake 342 (182)
#Agenttesla 299 (119)
#Amadey 194 (185)
#Neconyd 190 (286)
#Quasar 114 (74)
#Dcrat 87 (74)

Track them all: https://any.run/malware-trends/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_content=tracker&utm_term=120525

Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities.

https://blog.sekoia.io/detecting-multi-stage-infection-chains-madness/

Booking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT – Source:hackread.com https://ciso2ciso.com/booking-com-phishing-scam-uses-fake-captcha-to-install-asyncrat-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #PhishingScam #CyberAttack #0CISO2CISO #Bookingcom #AsyncRAT #Hackread #security #Captcha #malware #Fraud #Scam

Booking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT https://hackread.com/booking-com-phishing-scam-fake-captcha-asyncrat/ #Cybersecurity #PhishingScam #CyberAttack #Bookingcom #Security #AsyncRAT #Captcha #Malware #Fraud #Scam

Watch Out! New phishing scam targets hotel staff with fake #Booking.com emails. A fake CAPTCHA leads to AsyncRAT malware via a Windows Run trick.

Read more: https://hackread.com/booking-com-phishing-scam-fake-captcha-asyncrat/