GoodPersonRAT Malware Distributed via Fake LetsVPN Installer

GoodPersonRAT Malware Distributed via Fake LetsVPN Installer

First seen 9 Jul 2026, 22:57 UTC CybersecuritynewsCybernewsFeeds.Feedburnerwww.threatlocker.com 76% similarity 69.5

Article Content

Browse articles
ThreatCluster

A new remote access trojan (RAT) named GoodPersonRAT is being distributed through a malicious installer that pretends to be the legitimate LetsVPN software. The installer, identified as Kuailian_win-setup.86.msi, drops and executes an encrypted RAT, allowing attackers full control over the victim's machine. This malware is designed to evade detection by loading its payload directly into memory without writing it to disk. It features extensive capabilities, including keylogging, screen monitoring, and clipboard theft, specifically targeting Telegram Desktop users. The malware connects to a selection of 40 command-and-control servers, some of which translate to 'you are a good person' in Chinese. Users are warned to verify software integrity before installation to avoid such threats. The attack primarily affects users in China who rely on VPNs to bypass internet censorship.

Key Points: • GoodPersonRAT is distributed via a trojanized LetsVPN installer. • The malware provides attackers full remote control and evades detection by operating in memory. • Users are advised to download software only from official sources to mitigate risks.

ThreatCluster AI

Timeline

2026-07-09
GoodPersonRAT malware identified
ThreatLocker researchers uncovered a new RAT named GoodPersonRAT distributed via a fake LetsVPN installer, posing a significant risk to users.
ThreatLocker
2026-07-09
Malware features detailed
The RAT offers extensive capabilities including keylogging and remote desktop access, specifically targeting Telegram Desktop users.
Cybernews
2026-07-09
Users warned about fake installers
Security researchers emphasize the importance of verifying software integrity to avoid falling victim to such malware.
Cybersecuritynews

Community

Browse all →