www.cyfirma.com
Millenium RAT 4.*: Evolving Threat with Global Impact
The Millenium RAT, particularly version 4.*, has seen a significant rise in exploitation, affecting over 62,000 endpoints across 160 countries. This remote access trojan, now written in C++, utilizes the Telegram Bot API for command and control, eliminating the need for dedicated servers. The malware allows attackers to exfiltrate sensitive data, capture screenshots, and perform keylogging. The developer, known as 'ShinyEnigma', offers the RAT as Malware-as-a-Service, with pricing models that make it accessible to threat actors. The previous version, 2.4, was first reported by CYFIRMA in November 2023, and the latest version has been linked to a sharp increase in infections, with nearly 40,000 devices compromised in Q1 2026 alone. The Y2K Operators, the threat actor cluster behind these campaigns, employ social engineering tactics to lure victims. The rapid evolution of this malware highlights the urgent need for enhanced cybersecurity measures.
Key Points:
• Millenium RAT 4.* has infected over 62,000 devices globally, primarily targeting Windows systems.
• The malware is offered as Malware-as-a-Service, with pricing starting at $50 for the first month.
• The Y2K Operators are leveraging social engineering tactics to execute widespread exploitation campaigns.