Intelligent CISO Issue 90 | Page 9

CISO news

New GodRAT trojan targets financial sector via Skype

A new remote access Trojan (RAT) called GodRAT has been found targeting financial institutions, with its initial distribution channel being malicious screensaver files sent via Skype messenger, cybersecurity firm Kaspersky has revealed.

The Kaspersky Global Research and Analysis Team (GReAT) discovered the malware after it was uploaded to an online scanner in July 2024. The threat actors behind the campaign targeted small and medium-sized businesses (SMBs) in the United Arab Emirates, Hong Kong, Jordan and Lebanon.
GodRAT is highly evasive, using steganography – the practice of concealing a file within another – to hide malicious code within image files to avoid detection. The RAT then steals system information and can use additional plugins to explore victims’ systems and deploy password stealers to extract credentials from browsers like Chrome and Microsoft Edge. The attackers also used AsyncRAT as a secondary implant to ensure continued access to compromised systems.
Saurabh Sharma, a security researcher for Kaspersky’s GReAT, said, “GodRAT appears to be an evolution of AwesomePuppet, which was reported by Kaspersky in 2023 and is likely linked to the Winnti APT.” Sharma noted that the malware’s code has similarities to the two-decade-old Gh0st RAT, highlighting how threat actors continue to adapt legacy codebases for new campaigns.
The GodRAT builder allows attackers to disguise the payload by using legitimate process names and saving the file in various formats, including .exe, .com and .bat.

Cybersecurity researchers warn of surge in Stealerium malware

Cybersecurity experts are sounding the alarm after a significant increase in cybercriminal activity involving Stealerium, a readily available open-source malware.

Researchers at the security firm Proofpoint have observed a marked surge in campaigns using the information stealer to harvest sensitive data from victims across the globe.
Proofpoint noted that this is the first major resurgence of Stealerium since early 2023, highlighting its enduring appeal to cybercriminals looking for low-cost, high-impact tools. The malware’s accessibility and adaptability make it difficult for traditional defences to block, posing a serious threat to individuals and businesses alike.
According to Proofpoint’s threat data, Stealerium activity spiked between May and August 2025. The malware, along with its variants like Phantom Stealer and Warp Stealer, is capable of exfiltrating a wide array of data, including browser credentials, cryptocurrency wallets, Wi-Fi profiles, and VPN configurations. This stolen information is then sent to the attackers through various channels, such as Discord, Telegram, and email.
Recent campaigns have used diverse social engineering tactics to trick victims, including fake payment notices, legal threats, and travel bookings. The malware is often hidden within compressed files or common script attachments. Some variants even feature sextortion capabilities, capturing screenshots and webcam images when specific content is detected in open browser tabs.