Amnesia RAT retrieved from Dropbox for data theft and remote control
Malware Activity
Summary
Hide ▲
Show ▼
The Amnesia RAT payload is being staged from Dropbox, giving the operators a remote-access trojan that can steal data and control infected endpoints. It is the final stage in a phishing-delivery chain that first disables security controls and then hands execution to the RAT. The malware materially increases risk for credential theft, session hijacking, and broader follow-on abuse on compromised systems.
Related Happenings
Millenium RAT Windows malware activity and native C++ rewrite
Malware Activity
H score62
First: 29.06.2026 17:30
Last: 29.06.2026 17:30
Sources 1
About this happening:
The **Millenium RAT** malware activity is spreading across **Windows** systems, with **60,000+ infections** in **160+ countries** and a newer **native C++** build that helps it ev...
Millenium RAT Windows malware activity and native C++ rewrite
Malware ActivityAbout this happening: The **Millenium RAT** malware activity is spreading across **Windows** systems, with **60,000+ infections** in **160+ countries** and a newer **native C++** build that helps it ev...
USB-spreading clipboard-stealing malware targeting cryptocurrency wallets
Malware Activity
H score27
First: 18.06.2026 19:20
Last: 18.06.2026 19:20
Sources 1
About this happening:
A **USB-spreading** clipboard-stealing malware family is actively stealing **seed phrases**, **private keys**, and wallet addresses from **Windows** victims, putting cryptocurrenc...
USB-spreading clipboard-stealing malware targeting cryptocurrency wallets
Malware ActivityAbout this happening: A **USB-spreading** clipboard-stealing malware family is actively stealing **seed phrases**, **private keys**, and wallet addresses from **Windows** victims, putting cryptocurrenc...
Windows cryptocurrency clipper campaign targeting users via USB LNK worms
Campaign
H score32
First: 18.06.2026 17:30
Last: 18.06.2026 17:30
Sources 1
About this happening:
A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...
Windows cryptocurrency clipper campaign targeting users via USB LNK worms
CampaignAbout this happening: A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...
Windows cryptocurrency clipper malware using USB LNK worming and Tor C2
Malware Activity
H score29
First: 18.06.2026 17:30
Last: 18.06.2026 17:30
Sources 1
About this happening:
A **Windows-based cryptocurrency clipper** has been active since **February 2026**, using **USB-delivered LNK** worming to steal wallet data and reroute payments. The malware adds...
Windows cryptocurrency clipper malware using USB LNK worming and Tor C2
Malware ActivityAbout this happening: A **Windows-based cryptocurrency clipper** has been active since **February 2026**, using **USB-delivered LNK** worming to steal wallet data and reroute payments. The malware adds...
ScarCruft NarwhalRAT spear-phishing malware activity
Malware Activity
H score23
First: 16.06.2026 11:14
Last: 16.06.2026 11:14
Sources 1
About this happening:
**ScarCruft (APT37)** is using **spear-phishing emails** that impersonate **Microsoft Account security alerts** to deliver **NarwhalRAT**, creating a **multi-stage malware** threa...
ScarCruft NarwhalRAT spear-phishing malware activity
Malware ActivityAbout this happening: **ScarCruft (APT37)** is using **spear-phishing emails** that impersonate **Microsoft Account security alerts** to deliver **NarwhalRAT**, creating a **multi-stage malware** threa...
Timeline
-
24.01.2026 13:09 2 articles · 5mo ago
Fortinet links the campaign to Amnesia RAT delivery from Dropbox
Technical Analysis UpdateFortinet describes a multi-stage phishing campaign targeting users in Russia that chains GitHub scripts and Dropbox-hosted payloads to deliver Amnesia RAT (svchost.scr), disable Microsoft Defender with defendnot, and support broad data theft and remote control on infected Windows endpoints.
Show sources
- Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware — thehackernews.com — 24.01.2026 13:09
- Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware — thehackernews.com — 24.01.2026 13:09