Feeds.Feedburner
LabubaRAT: New Rust-based RAT Masquerades as NVIDIA Software to Target Windows Systems
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new remote access trojan (RAT) named LabubaRAT has been discovered, written in Rust and designed to impersonate NVIDIA software. The malware disguises itself as 'nvidia-sysruntime.exe' to evade detection and establish persistent access on Windows systems. It profiles the host to identify installed security products and gathers system information. LabubaRAT supports various communication methods, including HTTPS and DNS tunneling, making it resilient against disruption. Evidence suggests it may be offered as malware-as-a-service (MaaS). The malware was identified by multiple cybersecurity firms, including Blackpoint Cyber’s Adversary Pursuit Group (APG). As of now, there are no known patches or mitigations available.
Key Points: • LabubaRAT is a Rust-based RAT that impersonates NVIDIA software to evade detection. • The malware profiles infected systems to identify security products and gather system data. • It supports multiple communication methods, making it difficult to disrupt and potentially offered as MaaS.