Find notable cyber news and cases, enriched with sources, timelines, and signals.

Geta RAT, Ares RAT, and DeskRAT cross-platform credential-theft activity

Malware Activity
First reported
Last updated
Happening score
H score 23
2 unique sources, 2 articles

Summary

Hide ▲

Geta RAT, Ares RAT, and DeskRAT are being deployed across Windows and Linux in phishing-led intrusions that enable credential theft, persistent access, and remote control of infected systems. The malware families are being used against Indian defense, government-aligned, and adjacent strategic organizations. Their capabilities include reconnaissance, data collection, clipboard abuse, screenshot capture, arbitrary shell execution, and USB harvesting. The cross-platform mix makes the activity harder to detect and gives operators durable post-compromise access.

Related Happenings

SprySOCKS Windows backdoor activity against government organizations

Malware Activity
H score23 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...

Gamaredon WinRAR malware chain using GammaPhish, GammaLoad, GammaWorm, and GammaSteel

Malware Activity
H score49 First: 02.06.2026 21:21 Last: 02.06.2026 21:21 Sources 1

About this happening: **Gamaredon** is a **Russian APT** that expanded its **2025** activity against **Ukraine** with **35 spear-phishing campaigns** aimed at **government and military institutions**....

Latest development: 09.06.2026 15:26

Trend Micro attributes ongoing exploitation of WinRAR CVE-2025-8088 against Ukrainian organizations to Earth Dahu (Gamaredon) and SHADOW-EARTH-066 (UAC-0226). The campaigns use crafted RAR archives with hidden ADS payloads, a decoy PDF, a Startup-folder LNK, and a PowerShell chain via cmd.exe to launch GIFTEDCROOK (result.dll), while Earth Dahu's HTA-to-VBScript chain delivers GammaPhish, GammaLoad, and GammaSteel. The exfiltration path also shifts from Telegram to dedicated C2 servers, and Earth Dahu's use of the flaw is assessed to have remained active through at least April 10, 2026.

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
H score41 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...

ScarCruft sqgame[.]net supply-chain espionage campaign

Campaign
H score8 First: 05.05.2026 12:07 Last: 05.05.2026 12:07 Sources 1

About this happening: **ScarCruft**'s **late-2024** supply-chain campaign against **sqgame[.]net** expanded a niche gaming platform compromise into a **multi-platform espionage channel**. The operation...

Vidar infostealer market rise and distribution expansion

Malware Activity
H score30 First: 28.04.2026 22:07 Last: 28.04.2026 22:07 Sources 1

About this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...

Timeline

  1. 11.02.2026 16:52 3 articles · 4mo ago

    Cross-platform RAT campaigns against Indian entities disclosed

    Initial Disclosure

    Aryaka describes phishing-led campaigns against Indian defense, government, and strategic entities that use malicious attachments, embedded download links, Windows shortcuts (LNK), ELF binaries, and rogue PowerPoint Add-In files to drop Geta RAT, Ares RAT, and DeskRAT on Windows and Linux systems, enabling persistent access, reconnaissance, credential theft, clipboard tampering, screenshot capture, arbitrary shell execution, and USB data collection. The activity is associated with SideCopy and APT36 (aka Transparent Tribe), and earlier documentation placed DeskRAT use in October 2025 and a Geta RAT attack chain in late December 2025.

    Show sources