Trojanized Gaming Tools Distribute Java-Based RAT via Browser and Chat Platforms

Timeline

1. 27.02.2026 12:06 1 articles · 4h ago

   Trojanized Gaming Tools Distribute Java-Based RAT via Browser and Chat Platforms

   Threat actors are distributing a Java-based remote access trojan (RAT) through trojanized gaming utilities spread via browsers and chat platforms. The malware uses PowerShell and living-off-the-land binaries (LOLBins) for stealthy execution and evades detection by deleting the initial downloader and configuring Microsoft Defender exclusions. The RAT connects to a command-and-control (C2) server for data exfiltration and additional payload deployment. The disclosure coincides with the emergence of Steaelite, a new Windows RAT malware family advertised on criminal forums, which combines data theft and ransomware capabilities in a single web panel. Additionally, two new RAT families, DesckVB RAT and KazakRAT, have been discovered, enabling comprehensive remote control over infected hosts.

   Show sources

   • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06

   Open in new tab

Information Snippets

• The attack chain involves a malicious downloader that stages a portable Java runtime and executes a malicious Java archive (JAR) file named jd-gui.jar.

  First reported: 27.02.2026 12:06
  1 source, 1 article
  Show sources

  • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06

• The downloader uses PowerShell and LOLBins like cmstp.exe for stealthy execution.

  First reported: 27.02.2026 12:06
  1 source, 1 article
  Show sources

  • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06

• The malware deletes the initial downloader and configures Microsoft Defender exclusions for the RAT components.

  First reported: 27.02.2026 12:06
  1 source, 1 article
  Show sources

  • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06

• Persistence is achieved through a scheduled task and a Windows startup script named 'world.vbs'.

  First reported: 27.02.2026 12:06
  1 source, 1 article
  Show sources

  • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06

• The RAT connects to a C2 server at '79.110.49[.]15' for command-and-control communications.

  First reported: 27.02.2026 12:06
  1 source, 1 article
  Show sources

  • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06

• Steaelite RAT combines data theft and ransomware capabilities in a single web panel, with an Android ransomware module on the way.

  First reported: 27.02.2026 12:06
  1 source, 1 article
  Show sources

  • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06

• Steaelite supports remote code execution, file management, live streaming, webcam and microphone access, and various other malicious functionalities.

  First reported: 27.02.2026 12:06
  1 source, 1 article
  Show sources

  • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06

• DesckVB RAT and KazakRAT are two new RAT families discovered recently, enabling comprehensive remote control over infected hosts.

  First reported: 27.02.2026 12:06
  1 source, 1 article
  Show sources

  • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06

• KazakRAT is suspected to be the work of a state-affiliated cluster targeting Kazakh and Afghan entities since at least August 2022.

  First reported: 27.02.2026 12:06
  1 source, 1 article
  Show sources

  • Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06