LabubaRAT: New Rust-Based RAT Impersonates NVIDIA Software to Target Windows Systems

LabubaRAT: New Rust-Based RAT Impersonates NVIDIA Software to Target Windows Systems

First seen 15 Jul 2026, 01:41 UTC Feeds.4SysopsFeeds.Feedburnerthehackernews.com 87% similarity 61.5

Article Content

Browse articles
ThreatCluster

A new remote access trojan (RAT) named LabubaRAT has been discovered, written in Rust and designed to impersonate NVIDIA software. It operates by using the filename 'nvidia-sysruntime.exe' to blend into Windows environments, making detection difficult. LabubaRAT can profile hosts, identify installed security products, and offers functionalities such as command execution and file transfer. The malware is believed to be part of a malware-as-a-service (MaaS) model, allowing attackers to configure command-and-control (C2) server details at runtime. This flexibility enables the same binary to be reused across various campaigns. The malware's capabilities include communication via HTTPS, WebView2, and DNS tunneling, complicating mitigation efforts. Currently, there are no known CVEs associated with LabubaRAT, but its sophisticated methods pose a significant threat to organizations using Windows systems.

Key Points: • LabubaRAT disguises itself as NVIDIA software to evade detection. • The malware offers extensive functionalities, including command execution and file transfer. • It may be part of a malware-as-a-service model, allowing flexible deployment across campaigns.

ThreatCluster AI

Timeline

2026-07-14
LabubaRAT identified
The malware was reported as a new Rust-based RAT targeting Windows systems by impersonating NVIDIA software.
Feeds.Feedburner
2026-07-14
Malware functionalities detailed
LabubaRAT was found to include features like command execution, file transfer, and profiling of installed security products.
Feeds.4Sysops

Community

Browse all →