VileRAT Attacking Windows Machines via Malicious Software

A new variant of VileRAT is being distributed through fake software pirate websites to infect Windows systems on a large scale.

This Python-based VileRAT malware family is believed to be specific to the Evilnum threat group, DeathStalker, which has been active since August 2023.

It is frequently observed being spread by the VileLoader loader, which is designed to run VileRAT in-memory and limit on-disk artifacts.

It functions similarly to conventional remote access tools, allowing attackers to record keystrokes, run commands, and obtain information remotely. Because VileRAT is extensible and modular, actors can use the framework to implement new features.

VileRAT Attacking Windows Machines via Malicious Software

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

VileRAT Attacking Windows Machines via Malicious Software

02-Feb-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address