Atroposia malware-as-a-service remote access trojan activity
Malware Activity
Summary
Hide ▲
Show ▼
The Atroposia platform now offers a remote access trojan that gives buyers persistent access, evasion, data theft, and local vulnerability scanning on Windows systems. The $200 monthly MaaS lowers the barrier for cybercriminals to run a modular malware operation with built-in credential theft, clipboard theft, and DNS hijacking.
Related Happenings
OnyxC2 developers commercialize stealer as tiered MaaS with support
Threat Actor Meta
H score23
First: 11.06.2026 16:00
Last: 11.06.2026 16:00
Sources 1
About this happening:
**OnyxC2** has been sold as a **Malware-as-a-Service** stealer, giving cybercriminal buyers access to a rentable credential-theft platform instead of a one-off custom build. The o...
OnyxC2 developers commercialize stealer as tiered MaaS with support
Threat Actor MetaAbout this happening: **OnyxC2** has been sold as a **Malware-as-a-Service** stealer, giving cybercriminal buyers access to a rentable credential-theft platform instead of a one-off custom build. The o...
OnyxC2 stealer remote-access and credential-theft activity
Malware Activity
H score23
First: 11.06.2026 16:00
Last: 11.06.2026 16:00
Sources 1
About this happening:
The **OnyxC2 stealer** has expanded into **remote-access and persistence-enabled credential theft**, giving buyers a way to harvest browser, extension, wallet, and business-app da...
OnyxC2 stealer remote-access and credential-theft activity
Malware ActivityAbout this happening: The **OnyxC2 stealer** has expanded into **remote-access and persistence-enabled credential theft**, giving buyers a way to harvest browser, extension, wallet, and business-app da...
WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access
Malware Activity
H score65
First: 03.06.2026 00:54
Last: 03.06.2026 00:54
Sources 1
About this happening:
**WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...
WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access
Malware ActivityAbout this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...
Atroposia RAT modular toolkit promoted on underground forums
Malware Activity
H score28
First: 29.10.2025 13:15
Last: 29.10.2025 13:15
Sources 1
About this happening:
A new **Atroposia RAT** activity has surfaced as a **modular criminal toolkit** promoted on underground forums, increasing the risk of **credential theft** and **unauthorized remo...
Atroposia RAT modular toolkit promoted on underground forums
Malware ActivityAbout this happening: A new **Atroposia RAT** activity has surfaced as a **modular criminal toolkit** promoted on underground forums, increasing the risk of **credential theft** and **unauthorized remo...
Timeline
-
28.10.2025 15:15 1 articles · 7mo ago
Varonis identifies Atroposia modular RAT service for Windows
Initial DisclosureResearchers at Varonis identify Atroposia as a new malware-as-a-service platform that offers cybercriminals a modular remote access trojan for Windows systems. The service is sold for a $200 monthly subscription and combines encrypted command-and-control, UAC bypass, hidden remote desktop, file system control, data exfiltration, credential theft, clipboard theft, cryptocurrency wallet theft, DNS hijacking, and a local vulnerability scanner that checks missing patches, unsafe settings, and outdated software versions.
Show sources
- New Atroposia malware comes with a local vulnerability scanner — www.bleepingcomputer.com — 28.10.2025 15:15