MostereRAT phishing-delivered RAT activity against Japanese Windows users
Malware Activity
Summary
The MostereRAT campaign uses phishing to place a staged RAT on Microsoft Windows systems in Japan, giving attackers durable remote access and raising the risk of data theft. The operation blends a malicious email lure, a weaponized Word document, and Easy Programming Language (EPL) modules that hinder analysis. Once installed, the malware can escalate privileges, disable AV/EDR defenses, and deploy legitimate remote-access tools such as AnyDesk and TightVNC. It also supports keystroke logging, telemetry blocking, and staged payload delivery.
Related Happenings
JanelaRAT malware activity targeting Latin American banks
Malware Activity
First: 13.04.2026 20:15
Last: 13.04.2026 20:15
Sources 1
About this happening:
**JanelaRAT** continues targeting **Latin American banks and financial institutions**, with telemetry showing **14,739 attacks in Brazil** in **2025** and **11,695 in Mexico**, ra...
Perseus Android malware family actively distributed in the wild
Malware Activity
First: 19.03.2026 14:43
Last: 19.03.2026 14:43
Sources 1
About this happening:
The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
Amnesia RAT retrieved from Dropbox for data theft and remote control
Malware Activity
First: 24.01.2026 13:09
Last: 24.01.2026 13:09
Sources 1
About this happening:
The **Amnesia RAT** payload is being staged from **Dropbox**, giving the operators a **remote-access trojan** that can steal data and control infected endpoints. It is the final s...
Tycoon 2FA phishing kit activity at enterprise scale
Malware Activity
First: 18.11.2025 17:01
Last: 18.11.2025 17:01
Sources 1
About this happening:
The **Tycoon 2FA** phishing kit is being used at scale to relay MFA and steal enterprise sessions, putting **Microsoft 365** and **Gmail** users at risk. More than **64,000 attack...
SesameOp backdoor abuses OpenAI Assistants API
Malware Activity
First: 03.11.2025 20:35
Last: 03.11.2025 20:35
Sources 1
About this happening:
The **SesameOp** backdoor now uses the **OpenAI Assistants API** as a covert **command-and-control** channel, giving operators durable remote access inside compromised environment...
Timeline
08.09.2025 23:49 · 2 articles
Fortinet reports MostereRAT phishing campaign against Windows users in Japan
Initial Disclosure: Fortinet's FortiGuard Labs reports a phishing campaign delivering MostereRAT to Microsoft Windows users in Japan through malicious emails, a malicious website, and a weaponized Word document with an embedded archive. The malware uses Easy Programming Language (EPL) modules, persistence, privilege escalation, AV/EDR evasion, TrustedInstaller abuse, Windows Filtering Platform filters, and legitimate remote access tools such as AnyDesk and TightVNC to maintain covert long-term control, log keystrokes, exfiltrate data, and create hidden administrator accounts.
Sources
- 'MostereRAT' Malware Blends In, Blocks Security Tools — www.darkreading.com — 08.09.2025 23:49