WebRAT Malware Distributed via Fake GitHub Exploits
Summary
The WebRAT malware, previously spread through pirated software and game cheats, is now being distributed via GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. The malware, which can steal credentials, spy through webcams, and capture screenshots, is delivered through carefully crafted repositories mimicking exploits for vulnerabilities such as CVE-2025-59295, CVE-2025-10294, and CVE-2025-59230. The repositories contain AI-generated text and password-protected ZIP files with the malware dropper.
Timeline
- 23.12.2025 21:31 · 1 article
WebRAT Malware Distributed via Fake GitHub Exploits
Since at least September, WebRAT malware operators have been distributing the malware through GitHub repositories that claim to provide exploits for vulnerabilities such as CVE-2025-59295, CVE-2025-10294, and CVE-2025-59230. The repositories contain AI-generated text and password-protected ZIP files with the malware dropper. Kaspersky researchers discovered 15 repositories distributing WebRAT, all of which have been removed.
Source:
- WebRAT malware spread via fake vulnerability exploits on GitHub — www.bleepingcomputer.com — 23.12.2025 21:31
Information Snippets
- WebRAT malware is distributed through GitHub repositories claiming to provide exploits for vulnerabilities CVE-2025-59295, CVE-2025-10294, and CVE-2025-59230.
First reported: 23.12.2025 21:31 (1 source, 1 article). Source:
- WebRAT malware spread via fake vulnerability exploits on GitHub — www.bleepingcomputer.com — 23.12.2025 21:31
- The malware can steal credentials for Steam, Discord, Telegram, and cryptocurrency wallets, as well as spy on victims through webcams and capture screenshots.
First reported: 23.12.2025 21:31 (1 source, 1 article). Source:
- WebRAT malware spread via fake vulnerability exploits on GitHub — www.bleepingcomputer.com — 23.12.2025 21:31
- The repositories contain AI-generated text and password-protected ZIP files with the malware dropper.
First reported: 23.12.2025 21:31 (1 source, 1 article). Source:
- WebRAT malware spread via fake vulnerability exploits on GitHub — www.bleepingcomputer.com — 23.12.2025 21:31
- The dropper elevates privileges, disables Windows Defender, and downloads and executes WebRAT from a hardcoded URL.
First reported: 23.12.2025 21:31 (1 source, 1 article). Source:
- WebRAT malware spread via fake vulnerability exploits on GitHub — www.bleepingcomputer.com — 23.12.2025 21:31
- Kaspersky researchers discovered 15 repositories distributing WebRAT, all of which have been removed.
First reported: 23.12.2025 21:31 (1 source, 1 article). Source:
- WebRAT malware spread via fake vulnerability exploits on GitHub — www.bleepingcomputer.com — 23.12.2025 21:31
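
A triage check for the delivery method described above, as an added example that is not from the original report: before opening anything in a cloned "exploit" repository, list the archives whose entries are encrypted, since a password-protected ZIP keeps its contents out of reach of automated scanning. The repository layout, file names and archives below are constructed sample data, and the encrypted flag is patched in rather than produced by a real cipher.

```python
import io, os, tempfile, zipfile
ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted

def encrypted_members(zip_path):
    """Names of encrypted entries, read from the central directory (nothing is extracted)."""
    with zipfile.ZipFile(zip_path) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]

def scan_repo(root):
    """Map each archive under root that has encrypted entries to those entry names."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:  # is_zipfile checks content, so a renamed archive is still inspected
                hits = encrypted_members(path) if zipfile.is_zipfile(path) else []
            except zipfile.BadZipFile:
                hits = ["<unreadable archive>"]
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def constructed_zip(member, encrypted):
    """Constructed sample archive; the encrypted flag is patched in, no real cipher is used."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo(member, date_time=(2025, 1, 1, 0, 0, 0)), b"constructed sample data")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[data.find(b"PK\x03\x04") + 6] |= ENCRYPTED  # local file header flags
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flags
    return bytes(data)

def build_constructed_repo(root):
    """Constructed layout: a README, a plain archive, and an encrypted one with a neutral name."""
    os.makedirs(os.path.join(root, "poc"))
    samples = {"README.md": b"constructed README\n",
               os.path.join("poc", "docs.zip"): constructed_zip("notes.txt", False),
               os.path.join("poc", "release.dat"): constructed_zip("setup.exe", True)}
    for rel, content in samples.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_repo(tmp)
        print(scan_repo(tmp))
```

A hit is a reason to handle the repository in an isolated analysis environment, not proof of malice: legitimate projects occasionally ship encrypted archives too.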