LabubaRAT: New Rust-based RAT Masquerades as NVIDIA Software to Target Windows Systems

LabubaRAT: New Rust-based RAT Masquerades as NVIDIA Software to Target Windows Systems

First seen 15 Jul 2026, 01:41 UTC Feeds.4SysopsFeeds.Feedburnerthehackernews.comCybersecuritynewsGbhackers 88% similarity 65.0

Article Content

Browse articles
ThreatCluster

A new remote access trojan (RAT) named LabubaRAT has been discovered, written in Rust and designed to impersonate NVIDIA software. The malware disguises itself as 'nvidia-sysruntime.exe' to evade detection and establish persistent access on Windows systems. It profiles the host to identify installed security products and gathers system information. LabubaRAT supports various communication methods, including HTTPS and DNS tunneling, making it resilient against disruption. Evidence suggests it may be offered as malware-as-a-service (MaaS). The malware was identified by multiple cybersecurity firms, including Blackpoint Cyber’s Adversary Pursuit Group (APG). As of now, there are no known patches or mitigations available.

Key Points: • LabubaRAT is a Rust-based RAT that impersonates NVIDIA software to evade detection. • The malware profiles infected systems to identify security products and gather system data. • It supports multiple communication methods, making it difficult to disrupt and potentially offered as MaaS.

ThreatCluster AI

Timeline

2026-07-14
LabubaRAT identified
Cybersecurity researchers discovered LabubaRAT, a Rust-based RAT masquerading as NVIDIA software.
Feeds.Feedburner
2026-07-14
LabubaRAT's capabilities detailed
The malware was reported to include features like command execution, file transfer, and screenshot capture.
Feeds.4Sysops
2026-07-15
Further analysis published
Multiple cybersecurity outlets reported on LabubaRAT's design and operational methods, confirming its threat level.
Gbhackers

Community

Browse all →