Find notable cyber news and cases, enriched with sources, timelines, and signals.

Amnesia RAT retrieved from Dropbox for data theft and remote control

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The Amnesia RAT payload is being staged from Dropbox, giving the operators a remote-access trojan that can steal data and control infected endpoints. It is the final stage in a phishing-delivery chain that first disables security controls and then hands execution to the RAT. The malware materially increases risk for credential theft, session hijacking, and broader follow-on abuse on compromised systems.

Related Happenings

Millenium RAT Windows malware activity and native C++ rewrite

Malware Activity
H score62 First: 29.06.2026 17:30 Last: 29.06.2026 17:30 Sources 1

About this happening: The **Millenium RAT** malware activity is spreading across **Windows** systems, with **60,000+ infections** in **160+ countries** and a newer **native C++** build that helps it ev...

USB-spreading clipboard-stealing malware targeting cryptocurrency wallets

Malware Activity
H score27 First: 18.06.2026 19:20 Last: 18.06.2026 19:20 Sources 1

About this happening: A **USB-spreading** clipboard-stealing malware family is actively stealing **seed phrases**, **private keys**, and wallet addresses from **Windows** victims, putting cryptocurrenc...

Windows cryptocurrency clipper campaign targeting users via USB LNK worms

Campaign
H score32 First: 18.06.2026 17:30 Last: 18.06.2026 17:30 Sources 1

About this happening: A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...

Windows cryptocurrency clipper malware using USB LNK worming and Tor C2

Malware Activity
H score29 First: 18.06.2026 17:30 Last: 18.06.2026 17:30 Sources 1

About this happening: A **Windows-based cryptocurrency clipper** has been active since **February 2026**, using **USB-delivered LNK** worming to steal wallet data and reroute payments. The malware adds...

ScarCruft NarwhalRAT spear-phishing malware activity

Malware Activity
H score23 First: 16.06.2026 11:14 Last: 16.06.2026 11:14 Sources 1

About this happening: **ScarCruft (APT37)** is using **spear-phishing emails** that impersonate **Microsoft Account security alerts** to deliver **NarwhalRAT**, creating a **multi-stage malware** threa...

Timeline

  1. 24.01.2026 13:09 2 articles · 5mo ago

    Fortinet links the campaign to Amnesia RAT delivery from Dropbox

    Technical Analysis Update

    Fortinet describes a multi-stage phishing campaign targeting users in Russia that chains GitHub scripts and Dropbox-hosted payloads to deliver Amnesia RAT (svchost.scr), disable Microsoft Defender with defendnot, and support broad data theft and remote control on infected Windows endpoints.

    Show sources