STX RAT Emerges as Stealthy Cyber Threat with Remote Access and Data Theft Capabilities

Severity: Medium (Score: 48.9)

Sources: Cybersecuritynews, Gbhackers

Summary

A new remote access trojan (RAT) named STX RAT has been identified as a significant cybersecurity threat in 2026. This malware combines hidden remote desktop access with infostealer features, allowing it to quietly compromise targeted systems. The attack vector involves malicious VBScript and JScript chains that download a TAR archive containing the core payload. STX RAT employs advanced evasion techniques and encryption to avoid detection by security tools. The malware's name is derived from the Start of Text (STX) magic byte it uses in communications with its command-and-control server. Specific numbers of affected systems and CVEs have not been disclosed in the articles. The current status indicates that STX RAT is actively being analyzed by cybersecurity professionals. Organizations are advised to remain vigilant against this emerging threat.

Key Points:

  • STX RAT combines remote desktop access with credential-stealing capabilities.
  • The malware uses advanced evasion techniques to avoid detection by security tools.
  • Initial access is gained through malicious VBScript and JScript chains.

Key Entities

  • Malware (attack_type)
  • Trojan (attack_type)
  • STX RAT (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1021 - Remote Services (mitre_attack)
  • T1059.005 - Visual Basic (mitre_attack)
  • T1059.007 - JavaScript (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)