Viruses

Myth Stealer is a sophisticated information-stealing malware developed in the Rust programming language, designed to target both Chromium and Gecko-based browsers. It is capable of extracting sensitive data such as saved passwords, cookies, autofill information, and even credit card details from browsers and popular applications like Discord. To avoid detection, Myth Stealer employs anti-analysis measures, including string obfuscation and checks for virtual environments, shutting down if it suspects it is being analyzed. One particularly dangerous feature is its clipboard hijacking functionality, which monitors for cryptocurrency wallet addresses and swaps them with the attacker’s address, potentially leading to financial theft. The malware also takes screenshots and sends all stolen information to a remote command and control server in a compressed archive. Persistence is achieved by creating a copy in the AppData folder and a startup shortcut, ensuring it runs every time the computer boots. Myth Stealer is commonly distributed via fake gaming websites and online forums, often disguised as game cheats or related files. Its advanced evasion techniques and broad data theft capabilities make it a serious threat to user privacy and financial security.

Trojan:Win32/Sabsik.EN.A!ml is a dangerous Windows-based malware threat commonly detected by Microsoft Defender. This trojan is designed to infiltrate systems stealthily, often masquerading as legitimate files or applications downloaded from untrusted sources. Once active, it can alter critical system settings, manipulate the Windows registry, and modify group policies, thereby compromising overall system integrity and security. Sabsik.EN is particularly notorious for its multi-purpose capabilities, such as downloading and installing additional malicious payloads including spyware, ransomware, or backdoors, which can further expose the infected system to cybercriminal exploitation. Infected users may experience data theft, unauthorized remote access, or persistent unwanted advertisements, all of which serve to benefit the malware operators financially. Because the trojan can disable or evade native security tools, removal often requires specialized anti-malware solutions. Prompt action is essential, as delays can result in escalating risks and greater damage to personal data and privacy. Practicing safe browsing habits and maintaining up-to-date security software are crucial defenses against threats like Sabsik.EN.

PylangGhost RAT is a sophisticated remote access trojan developed in Python, primarily used by the North Korea-aligned threat actor known as Famous Chollima, also referred to as Wagemole. This malware enables attackers to remotely control compromised systems, execute commands, and exfiltrate sensitive data, making it a serious threat to both individual users and organizations. PylangGhost RAT is typically distributed through social engineering schemes, such as fake job offers targeting professionals in cryptocurrency and blockchain sectors, often using meticulously crafted phishing campaigns. Once installed, it can ensure persistence by auto-starting with system reboots and is capable of stealing credentials, browser histories, autofill data, and information from over eighty browser extensions, including cryptocurrency wallets and password managers. Its modular architecture allows for the downloading and execution of additional payloads, potentially leading to further infections like ransomware or cryptominers. The malware operates stealthily, often showing no clear symptoms, which complicates detection and removal for most users. Ultimately, PylangGhost RAT’s presence on a device poses significant privacy, financial, and security risks, underscoring the need for updated antivirus solutions and cautious online behavior to prevent infection.

KimJongRAT Stealer is a sophisticated piece of malware designed to covertly infiltrate Windows systems and steal sensitive user data. This threat operates as a remote access trojan (RAT) and information stealer, typically targeting browser credentials, cryptocurrency wallets, FTP logins, and email client data. It is known to have multiple variants, including one distributed as a traditional Portable Executable file and another leveraging PowerShell scripts for enhanced stealth and persistence. Both versions use advanced evasion techniques, such as encoded scripts, dynamic payload downloads, and abuse of trusted public services to avoid detection by security software. KimJongRAT often spreads through phishing emails, malicious shortcuts, pirated software, and deceptive advertisements, making it a widespread danger for unsuspecting users. Once installed, it can log keystrokes, monitor clipboard activity, and relay stolen information to remote attackers, potentially leading to identity theft, financial loss, and unauthorized access to online accounts. Its capability to maintain long-term access on infected machines further increases the risk of secondary attacks. Early detection and prompt removal are crucial to prevent serious privacy violations and system compromise.

Amatera Stealer is a sophisticated information-stealing malware written in C++ and offered as a malware-as-a-service (MaaS) to cybercriminals. Based on the ACR stealer, it is specifically designed to target sensitive data from browser extensions, password managers, cryptocurrency wallets, email clients, and messaging applications like Signal and WhatsApp. Once it infiltrates a system, Amatera Stealer can bypass browser encryption by injecting malicious code, allowing it to extract cookies, saved passwords, browsing history, and other private information. The malware also seeks out files by specific extensions and keywords related to software wallets and communication tools, significantly increasing the potential for data theft. In addition to stealing information, it can download and execute other malicious files and PowerShell scripts, further compromising the device. Distribution channels include deceptive email campaigns, compromised websites using ClearFake and ClickFix methods, and fake software cracks. Victims face serious risks such as privacy invasion, financial loss, and identity theft, as well as the possibility of ongoing system compromise. Immediate detection and removal are crucial to minimize potential damage from this highly evasive threat.

Sorillus RAT is a sophisticated, Java-based remote access trojan offered as malware-as-a-service, targeting Windows, macOS, and Linux systems. Cybercriminals behind Sorillus RAT distribute it primarily through phishing emails containing fake invoices, which lure victims into downloading malicious files. Once installed, this RAT provides attackers with extensive control, allowing them to execute commands, manage files and processes, and steal sensitive information such as hardware IDs, operating system details, and user credentials. Its surveillance capabilities include recording webcam and microphone input, capturing screenshots, keylogging, and even reading clipboard contents. Sorillus RAT can also exfiltrate data by compressing and transferring files over HTTP, making it highly effective for data theft operations. Attackers can use the trojan to install additional malware, shut down or reboot infected systems, or even uninstall itself to evade detection. Infections typically remain stealthy, causing little to no visible symptoms, which makes early detection difficult. Users are at risk of financial loss, identity theft, and further compromise if this malware remains active on their devices.

Sakura RAT is a sophisticated remote access trojan designed to provide cybercriminals with full control over compromised Windows systems. Distributed largely via GitHub repositories—often hidden within build scripts and project files—Sakura RAT is associated with the financially-motivated threat actor "Water Curse." Once installed, it employs advanced anti-detection and anti-analysis techniques, such as disabling Microsoft Defender, bypassing User Account Control (UAC), and ensuring persistence through scheduled tasks and registry modifications. Sakura RAT harvests a wide range of sensitive data, including system information, network details, browser credentials, messenger data, and even files from developer and AI chatbot accounts. It is capable of in-memory payload execution, hidden desktop and browser access, screenshot capture, and theft of stored passwords and cookies. The malware also targets system recovery options by deleting Volume Shadow Copies and modifying registry keys to prevent the use of System Restore. Its stealthy nature means victims are unlikely to notice obvious symptoms, increasing the risk of prolonged data theft and privacy compromise. Constant updates and feature improvements by its developers mean that future variants could introduce even more destructive capabilities.

Midnight Ransomware is a dangerous file-encrypting malware strain identified as part of the Babuk ransomware family, discovered during active research on malicious file submissions to VirusTotal. It is designed to illegally extort victims by encrypting all accessible files on an infected system, rendering user data unusable and then demanding a hefty ransom for restoration. Once activated, Midnight Ransomware systematically renames every targeted file by appending the .Midnight extension, so, for example, a file named invoice.pdf would become invoice.pdf.Midnight. This aggressive malware utilizes robust cryptographic algorithms, typically leveraging a combination of symmetric and asymmetric encryption, which makes decryption nearly impossible without a private key stored on the attackers’ remote servers. When the encryption process concludes, the victim will find a ransom note named How To Restore Your Files.txt dropped into affected folders. This note informs users that their files are locked and threatens permanent data loss or public data leaks unless instructions are followed and payment is made within a few days, with late payment resulting in a higher ransom.