STX RAT Emerges as Advanced Threat in Finance Sector

Severity: High (Score: 67.5)

Sources: Gbhackers, Cybersecuritynews, Infosecurity-Magazine

Summary

The STX RAT, a previously undocumented remote access trojan, was identified in late February 2026 targeting the finance sector. It employs sophisticated stealth tactics, including multi-stage scripts and encrypted communication, to evade detection. Initial access is gained through malicious VBScript and JScript that download the core payload. Once installed, STX RAT allows attackers to remotely control infected machines and harvest sensitive information. The malware's design suggests ongoing development, with some features not yet operational. eSentire's Threat Response Unit is actively monitoring the situation and has isolated affected systems. Organizations are urged to enhance endpoint protections against script-based attacks. The threat is significant, given its potential for widespread exploitation in financial environments.

Key Points

  • STX RAT uses advanced evasion techniques to avoid detection by security tools.
  • The malware targets the finance sector, leveraging multi-stage scripts for initial access.
  • eSentire is monitoring the threat and recommends strengthening endpoint protections.

Key Entities

  • Malware (attack_type)
  • Trojan (attack_type)
  • DesckVB RAT (malware)
  • STX RAT (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1021 - Remote Services (mitre_attack)
  • T1059.005 - Visual Basic (mitre_attack)
  • T1059.007 - JavaScript (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)