
Steaelite Windows RAT with FUD and multi-function capabilities

Malware Activity
Happening score (H score): 12
1 unique source, 1 article

Summary

The Steaelite Windows RAT is being marketed as a fully undetectable tool for Windows 10 and 11, giving operators browser-based control over infected machines and enabling credential theft, surveillance, and ransomware deployment. It was first advertised on criminal forums in November 2025, making the malware family newly visible to defenders and buyers. Its bundled capabilities increase the risk of double extortion from a single operator dashboard.

Related Happenings

Microsoft Defender for Endpoint automatic endpoint isolation preview

Security Tool/Service
First: 26.05.2026 15:19 Last: 26.05.2026 15:19 Sources 1

About this happening: Microsoft is previewing **automatic isolation** for compromised endpoints in **Defender for Endpoint**, reducing **lateral movement** risk on managed workstations. The capability...

MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy

Campaign
First: 06.05.2026 16:02 Last: 06.05.2026 16:02 Sources 1

About this happening: The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...

GopherWhisper Go-based malware toolkit with Slack, Discord, and Outlook C2

Malware Activity
First: 23.04.2026 15:06 Last: 23.04.2026 15:06 Sources 1

About this happening: The **GopherWhisper** malware set now combines **Go-based backdoors** and **exfiltration tools** that abuse **Slack**, **Discord**, **Microsoft 365 Outlook**, and **Microsoft Grap...

GoGra Linux backdoor uses Microsoft Graph API and Outlook for covert command delivery

Malware Activity
First: 22.04.2026 13:00 Last: 22.04.2026 13:00 Sources 1

About this happening: The **GoGra** malware family now includes a **Linux backdoor variant** that uses **Microsoft Graph API** and an **Outlook inbox** for covert command delivery, making operator comm...

VENOM closed-access PhaaS operating model limits researcher visibility

Threat Actor Meta
First: 10.04.2026 00:37 Last: 10.04.2026 00:37 Sources 1

About this happening: **VENOM** is operating as a **closed-access phishing-as-a-service** platform, reducing researcher visibility while supporting **underground credential theft**. The service targets...

Timeline

  1. 27.02.2026 12:06 2 articles · 2mo ago

    Steaelite Windows RAT disclosed with FUD marketing and browser-based control

    Initial Disclosure

    BlackFog disclosed Steaelite, a new Windows RAT family first advertised on criminal forums in November 2025 as a "best Windows RAT" with "fully undetectable" (FUD) capabilities. Steaelite targets Windows 10 and 11 through a browser-based web panel and combines remote code execution, live surveillance, file exfiltration, password theft, persistence, Microsoft Defender disabling, and ransomware deployment from one dashboard.
