Geta RAT, Ares RAT, and DeskRAT cross-platform credential-theft activity

Malware Activity
Happening score: 45
2 unique sources, 2 articles

Summary

Geta RAT, Ares RAT, and DeskRAT are being deployed across Windows and Linux in phishing-led intrusions that enable credential theft, persistent access, and remote control of infected systems. The malware families are being used against Indian defense, government-aligned, and adjacent strategic organizations. Their capabilities include reconnaissance, data collection, clipboard abuse, screenshot capture, arbitrary shell execution, and USB harvesting. The cross-platform mix makes the activity harder to detect and gives operators durable post-compromise access.

Related Happenings

ScarCruft sqgame[.]net supply-chain espionage campaign

Campaign
First: 05.05.2026 12:07 Last: 05.05.2026 12:07 Sources 1

About this happening: **ScarCruft**'s **late-2024** supply-chain campaign against **sqgame[.]net** expanded a niche gaming platform compromise into a **multi-platform espionage channel**. The operation...

Vidar infostealer market rise and distribution expansion

Malware Activity
First: 28.04.2026 22:07 Last: 28.04.2026 22:07 Sources 1

About this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...

The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up

Threat Actor Meta
First: 21.04.2026 17:00 Last: 21.04.2026 17:00 Sources 1

About this happening: **The Gentlemen ransomware gang** is using a **legitimate vulnerable driver** to defeat enterprise defenses, weaponizing **ThrottleStop.sys** as **ThrottleBlood.sys** to kill **AV...

Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery

Security Tool/Service
First: 08.04.2026 12:16 Last: 08.04.2026 12:16 Sources 1

About this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...

Latest development: 23.05.2026 14:55

Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.

ComfyUI cryptomining and proxy botnet campaign targeting exposed instances

Campaign
First: 07.04.2026 15:46 Last: 07.04.2026 15:46 Sources 1

About this happening: An **active ComfyUI campaign** is scanning exposed instances, exploiting unsafe custom nodes, and enlisting compromised hosts into a **cryptomining and proxy botnet**. The operati...

Timeline

  1. 11.02.2026 16:52 · 3 articles

    Cross-platform RAT campaigns against Indian entities disclosed

    Initial Disclosure

    Aryaka describes phishing-led campaigns against Indian defense, government, and strategic entities. The campaigns use malicious attachments, embedded download links, Windows shortcuts (LNK), ELF binaries, and rogue PowerPoint Add-In files to drop Geta RAT, Ares RAT, and DeskRAT on Windows and Linux systems. The implants enable persistent access, reconnaissance, credential theft, clipboard tampering, screenshot capture, arbitrary shell execution, and USB data collection. The activity is associated with SideCopy and APT36 (aka Transparent Tribe). Earlier documentation placed DeskRAT use in October 2025 and a Geta RAT attack chain in late December 2025.
