
MostereRAT phishing campaign targeting Japanese users

Campaign
H score 34
1 unique source, 1 article

Summary


The MostereRAT phishing campaign is targeting Japanese users with business-inquiry lures, creating a path to data theft and remote control of compromised systems. Victims are pushed to click malicious links that lead to an infected site hosting a booby-trapped Word file with an embedded ZIP payload that launches the malware. To evade detection, the operation uses modules written in EPL (Easy Programming Language), mTLS-protected C2, and blocking of security-tool traffic, and it drops AnyDesk, TigerVNC, and TightVNC.

Related Happenings

OAuth device-code phishing campaign targeting SaaS accounts

Campaign
First: 04.04.2026 17:17 Last: 04.04.2026 17:17 Sources 1

About this happening: A **device code phishing** campaign now includes **EvilTokens**, a **phishing-as-a-service** kit sold on **Telegram** that uses the **OAuth 2.0 device authorization flow** to hija...

Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims

Campaign
First: 11.03.2026 16:45 Last: 11.03.2026 16:45 Sources 1

About this happening: A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...

Tomiris 2025 government-targeting campaign

Campaign
First: 01.12.2025 07:07 Last: 01.12.2025 07:07 Sources 1

About this happening: The **Tomiris 2025 campaign** is using **phishing** and **public-service C2** to target **foreign ministries**, **intergovernmental organizations**, and **government entities**, i...

Sneaky 2FA BitB phishing activity

Malware Activity
First: 18.11.2025 20:31 Last: 18.11.2025 20:31 Sources 1

About this happening: The **Sneaky 2FA** phishing kit has added **Browser-in-the-Browser (BitB)** pop-ups, making **credential theft** and **Microsoft account** takeover easier at scale. Attack chains...

Quantum Route Redirect democratizes Microsoft 365 phishing tradecraft

Threat Actor Meta
First: 12.11.2025 17:48 Last: 12.11.2025 17:48 Sources 1

About this happening: **Quantum Route Redirect** is **lowering the skill bar** for phishing operators, letting less-skilled cybercriminals run more sophisticated **Microsoft 365** credential-theft camp...

Timeline

  1. 09.09.2025 13:27 2 articles · 8mo ago

    MostereRAT phishing emails target Japanese users with business-inquiry lures

    Initial Disclosure

    Cybersecurity researchers disclosed a phishing campaign targeting Japanese users with business-inquiry lures that lead victims to a malicious site hosting a booby-trapped Microsoft Word file with an embedded ZIP archive. The ZIP contains an executable that launches MostereRAT, which drops tools such as AnyDesk, TigerVNC, and TightVNC, uses EPL-written modules, disables Windows security mechanisms, blocks traffic tied to security programs, and relies on mTLS-protected C2 to evade detection and extend control over compromised systems.
