Steaelite Windows RAT with FUD and multi-function capabilities
Malware Activity
Summary
Hide ▲
Show ▼
The Steaelite Windows RAT is being marketed as a fully undetectable tool for Windows 10 and 11, giving operators browser-based control over infected machines and enabling credential theft, surveillance, and ransomware deployment. It was first advertised on criminal forums in November 2025, making the malware family newly visible to defenders and buyers. Its bundled capabilities increase the risk of double extortion from a single operator dashboard.
Related Happenings
Edgecution malicious Microsoft Edge extension backdoor activity
Malware Activity
H score23
First: 24.06.2026 23:58
Last: 24.06.2026 23:58
Sources 1
About this happening:
The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...
Edgecution malicious Microsoft Edge extension backdoor activity
Malware ActivityAbout this happening: The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...
Gentlemen ransomware EDR-killer tooling
Malware Activity
H score35
First: 19.06.2026 01:31
Last: 19.06.2026 01:31
Sources 1
About this happening:
**Gentlemen ransomware-as-a-service (RaaS)** is actively maintaining a suite of **EDR killers** led by **GentleKiller** to disable endpoint defenses before encryption. ESET says t...
Gentlemen ransomware EDR-killer tooling
Malware ActivityAbout this happening: **Gentlemen ransomware-as-a-service (RaaS)** is actively maintaining a suite of **EDR killers** led by **GentleKiller** to disable endpoint defenses before encryption. ESET says t...
JustAskJacky fake AI assistant malware campaign
Campaign
H score33
First: 04.06.2026 17:00
Last: 04.06.2026 17:00
Sources 1
About this happening:
The **JustAskJacky** campaign is distributing a fake **AI assistant** that installs a **backdoor**, turning trusted-looking software into a malware delivery path. The operation us...
JustAskJacky fake AI assistant malware campaign
CampaignAbout this happening: The **JustAskJacky** campaign is distributing a fake **AI assistant** that installs a **backdoor**, turning trusted-looking software into a malware delivery path. The operation us...
Atlas RAT and related loaders deployed for remote access and credential theft
Malware Activity
H score33
First: 04.06.2026 00:45
Last: 04.06.2026 00:45
Sources 1
About this happening:
**TA4922**, a **China-linked** and likely **financially motivated** malware activity, has expanded beyond **East Asia** into **Europe** and **Africa**. The group uses **Atlas RAT*...
Atlas RAT and related loaders deployed for remote access and credential theft
Malware ActivityAbout this happening: **TA4922**, a **China-linked** and likely **financially motivated** malware activity, has expanded beyond **East Asia** into **Europe** and **Africa**. The group uses **Atlas RAT*...
AI-built ransomware toolkit with AD discovery and EDR evasion
Malware Activity
H score36
First: 02.06.2026 23:01
Last: 02.06.2026 23:01
Sources 1
About this happening:
A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...
AI-built ransomware toolkit with AD discovery and EDR evasion
Malware ActivityAbout this happening: A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...
Timeline
-
27.02.2026 12:06 2 articles · 4mo ago
Steaelite Windows RAT disclosed with FUD marketing and browser-based control
Initial DisclosureBlackFog disclosed Steaelite, a new Windows RAT family first advertised on criminal forums in November 2025 as a "best Windows RAT" with "fully undetectable" (FUD) capabilities. Steaelite targets Windows 10 and 11 through a browser-based web panel and combines remote code execution, live surveillance, file exfiltration, password theft, persistence, Microsoft Defender disabling, and ransomware deployment from one dashboard.
Show sources
- Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
- Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06