Cybernews
GoodPersonRAT Malware Distributed via Fake LetsVPN Installer
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new remote access trojan (RAT) named GoodPersonRAT is being distributed through a malicious installer that pretends to be the legitimate LetsVPN software. The installer, identified as Kuailian_win-setup.86.msi, drops and executes an encrypted RAT, allowing attackers full control over the victim's machine. This malware is designed to evade detection by loading its payload directly into memory without writing it to disk. It features extensive capabilities, including keylogging, screen monitoring, and clipboard theft, specifically targeting Telegram Desktop users. The malware connects to a selection of 40 command-and-control servers, some of which translate to 'you are a good person' in Chinese. Users are warned to verify software integrity before installation to avoid such threats. The attack primarily affects users in China who rely on VPNs to bypass internet censorship.
Key Points: • GoodPersonRAT is distributed via a trojanized LetsVPN installer. • The malware provides attackers full remote control and evades detection by operating in memory. • Users are advised to download software only from official sources to mitigate risks.