Amnesia RAT retrieved from Dropbox for data theft and remote control

Malware Activity
First reported
Last updated
Happening score: 28
1 unique source, 1 article

Summary

The Amnesia RAT payload is being staged from Dropbox, giving the operators a remote-access trojan that can steal data and control infected endpoints. It is the final stage in a phishing-delivery chain that first disables security controls and then hands execution to the RAT. The malware materially increases risk for credential theft, session hijacking, and broader follow-on abuse on compromised systems.

Related Happenings

Secret Blizzard Kazuar modular P2P botnet

Malware Activity
First: 16.05.2026 17:15 Last: 16.05.2026 17:15 Sources 1

About this happening: **Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...

ModeloRAT malicious PowerShell and Dropbox delivery activity

Malware Activity
First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...

Open-OSS/privacy-filter Hugging Face infostealer activity

Malware Activity
First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

About this happening: A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...

Sefirah infostealer delivered through a malicious Hugging Face repository

Malware Activity
First: 09.05.2026 17:26 Last: 09.05.2026 17:26 Sources 1

About this happening: A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...

TCLBANKER banking trojan activity targeting 59 financial platforms

Malware Activity
First: 08.05.2026 21:12 Last: 08.05.2026 21:12 Sources 1

About this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...

Timeline

  1. 24.01.2026 13:09 2 articles · 4mo ago

    Fortinet links the campaign to Amnesia RAT delivery from Dropbox

    Technical Analysis Update

    Fortinet describes a multi-stage phishing campaign targeting users in Russia that chains GitHub scripts and Dropbox-hosted payloads to deliver Amnesia RAT (svchost.scr), disable Microsoft Defender with defendnot, and support broad data theft and remote control on infected Windows endpoints.