Feeds.Feedburner
LabubaRAT: New Rust-Based RAT Impersonates NVIDIA Software to Target Windows Systems
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new remote access trojan (RAT) named LabubaRAT has been discovered, written in Rust and designed to impersonate NVIDIA software. It operates by using the filename 'nvidia-sysruntime.exe' to blend into Windows environments, making detection difficult. LabubaRAT can profile hosts, identify installed security products, and offers functionalities such as command execution and file transfer. The malware is believed to be part of a malware-as-a-service (MaaS) model, allowing attackers to configure command-and-control (C2) server details at runtime. This flexibility enables the same binary to be reused across various campaigns. The malware's capabilities include communication via HTTPS, WebView2, and DNS tunneling, complicating mitigation efforts. Currently, there are no known CVEs associated with LabubaRAT, but its sophisticated methods pose a significant threat to organizations using Windows systems.
Key Points: • LabubaRAT disguises itself as NVIDIA software to evade detection. • The malware offers extensive functionalities, including command execution and file transfer. • It may be part of a malware-as-a-service model, allowing flexible deployment across campaigns.