PureRAT distributed through AI-assisted phishing emails
Malware Activity
Summary
The PureRAT malware is being distributed through phishing emails that pose as job opportunities, expanding a threat that can steal data and preserve remote access on infected systems. It is a full-featured RAT and infostealer that first emerged last year. The malware’s scripts also show signs of AI-assisted code generation.
Related Happenings
AI-generated code is driving a rising CVE trend in March 2026
Target Trend
First: 26.03.2026 18:40
Last: 26.03.2026 18:40
Sources 1
About this happening:
**AI-generated code** is driving a rising **CVE** trend, with **35 disclosures in March 2026** showing a material increase in flaws across **public advisories and open-source proj...
Arkanix Stealer infostealer operation
Malware Activity
First: 22.02.2026 17:33
Last: 22.02.2026 17:33
Sources 1
About this happening:
A **short-lived Arkanix Stealer** operation emerged in **October 2025**, putting **browser data, wallets, and credentials** at risk across multiple platforms. The project combined...
ChatGPT Mods token-stealing browser-extension campaign
Campaign
First: 30.01.2026 15:42
Last: 30.01.2026 15:42
Sources 1
About this happening:
The **ChatGPT Mods** campaign used **16 browser extensions** to inject a **content script** into **chatgpt[.]com**, stealing authentication tokens that could let operators imperso...
PeckBirdy JScript C2 framework used across multiple environments since 2023
Malware Activity
First: 27.01.2026 11:01
Last: 27.01.2026 11:01
Sources 1
About this happening:
Since **2023**, the **PeckBirdy** **JScript-based C2 framework** has been used by **China-aligned APT actors** to reach **multiple environments**, giving them flexible delivery an...
Vampire Bot Go malware activity
Malware Activity
First: 07.10.2025 20:04
Last: 07.10.2025 20:04
Sources 1
About this happening:
**BatShadow**, a **Vietnam-based threat group**, is using **phishing emails** and **ZIP archives** to target **job seekers** and **digital marketing professionals** with **Vampire...
Timeline
- 28.01.2026 14:10 · 2 articles
PureRAT campaign analysis links AI-generated code to phishing delivery
Technical Analysis Update
Symantec and the Carbon Black Threat Hunter Team analyzed a PureRAT campaign delivered through malicious links in phishing emails posing as job opportunities and found signs that the attackers used AI tools to write scripts and code, including emojis, explanatory comments, debug messages, and leftover instructions. The analysis also says the operator is likely based in Vietnam, citing Vietnamese language in the scripts and references to Hanoi.
- Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign — www.infosecurity-magazine.com — 28.01.2026 14:10