Trojanized Gaming Tools Distribute Java-Based RAT via Browser and Chat Platforms
Summary
Threat actors are distributing a Java-based remote access trojan (RAT) through trojanized gaming utilities spread via browsers and chat platforms. The malware uses PowerShell and living-off-the-land binaries (LOLBins) for stealthy execution and evades detection by deleting the initial downloader and configuring Microsoft Defender exclusions. The RAT connects to a command-and-control (C2) server for data exfiltration and additional payload deployment. The disclosure coincides with the emergence of Steaelite, a new Windows RAT malware family advertised on criminal forums, which combines data theft and ransomware capabilities in a single web panel. Additionally, two new RAT families, DesckVB RAT and KazakRAT, have been discovered, enabling comprehensive remote control over infected hosts.
Timeline
- 27.02.2026 12:06 (1 article): Trojanized Gaming Tools Distribute Java-Based RAT via Browser and Chat Platforms
- Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
Information Snippets
- The attack chain involves a malicious downloader that stages a portable Java runtime and executes a malicious Java archive (JAR) file named jd-gui.jar.
  First reported: 27.02.2026 12:06 (1 source, 1 article)
  Source: Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
- The downloader uses PowerShell and LOLBins like cmstp.exe for stealthy execution.
  First reported: 27.02.2026 12:06 (1 source, 1 article)
  Source: Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
- The malware deletes the initial downloader and configures Microsoft Defender exclusions for the RAT components.
  First reported: 27.02.2026 12:06 (1 source, 1 article)
  Source: Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
- Persistence is achieved through a scheduled task and a Windows startup script named 'world.vbs'.
  First reported: 27.02.2026 12:06 (1 source, 1 article)
  Source: Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
- The RAT connects to a C2 server at '79.110.49[.]15' for command-and-control communications.
  First reported: 27.02.2026 12:06 (1 source, 1 article)
  Source: Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
- Steaelite RAT combines data theft and ransomware capabilities in a single web panel, with an Android ransomware module on the way.
  First reported: 27.02.2026 12:06 (1 source, 1 article)
  Source: Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
- Steaelite supports remote code execution, file management, live streaming, webcam and microphone access, and various other malicious functionalities.
  First reported: 27.02.2026 12:06 (1 source, 1 article)
  Source: Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
- DesckVB RAT and KazakRAT are two new RAT families discovered recently, enabling comprehensive remote control over infected hosts.
  First reported: 27.02.2026 12:06 (1 source, 1 article)
  Source: Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
- KazakRAT is suspected to be the work of a state-affiliated cluster targeting Kazakh and Afghan entities since at least August 2022.
  First reported: 27.02.2026 12:06 (1 source, 1 article)
  Source: Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms — thehackernews.com — 27.02.2026 12:06
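
The Java RAT behaviours in the first five snippets (jd-gui.jar run from a staged Java runtime, cmstp.exe, Defender exclusions, a scheduled task, world.vbs, the C2 address) expressed as detection logic over endpoint events, with escalation only when several co-occur on one host. This is an added example, not code from the cited article; the `timestamp|host|event` log format, host names, paths, task name and the `Add-MpPreference`/`schtasks` command-line patterns are assumptions about how those steps would appear in telemetry.

```python
import re

# Indicators below come from the snippets above. The C2 address stays defanged
# in source, as the page gives it, and is refanged only for matching.
C2_DEFANGED = "79.110.49[.]15"

def refang(ioc):
    return ioc.replace("[.]", ".")

RULES = [
    ("java_runs_jd_gui_jar", r"\bjavaw?(\.exe)?\b.*-jar\b.*\bjd-gui\.jar\b"),
    ("cmstp_lolbin", r"\bcmstp(\.exe)?\b"),
    ("defender_exclusion", r"\b(Add|Set)-MpPreference\b.*-Exclusion(Path|Process|Extension)\b"),
    ("scheduled_task_created", r"\bschtasks(\.exe)?\b.*/create\b"),
    ("world_vbs", r"\bworld\.vbs\b"),
    ("c2_address", r"(?<!\d)" + re.escape(refang(C2_DEFANGED)) + r"(?!\d)"),
]
RULES = [(name, re.compile(rx, re.I)) for name, rx in RULES]

def scan(lines):
    """Map host -> set of rule names seen in 'timestamp|host|event text' lines."""
    hits = {}
    for line in lines:
        _ts, host, text = line.split("|", 2)
        for name, rx in RULES:
            if rx.search(text):
                hits.setdefault(host, set()).add(name)
    return hits

def likely_chain(hits, minimum=3):
    """Hosts showing several distinct behaviours; one match alone is a weak signal."""
    return sorted(h for h, names in hits.items() if len(names) >= minimum)

# Constructed sample events; hosts, paths and the task name are made up.
TMP = r"C:\Users\a\AppData\Local\Temp"
SAMPLE = [
    rf"2026-02-27T10:01:02|WS-01|{TMP}\jre\bin\javaw.exe -jar {TMP}\jd-gui.jar",
    rf"2026-02-27T10:01:05|WS-01|powershell.exe -Command Add-MpPreference -ExclusionPath {TMP}",
    r"2026-02-27T10:01:09|WS-01|C:\Windows\System32\cmstp.exe example.inf",
    r"2026-02-27T10:01:12|WS-01|schtasks.exe /create /tn ExampleTask /tr example.cmd",
    r"2026-02-27T10:01:15|WS-01|file created: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\world.vbs",
    "2026-02-27T10:01:20|WS-01|javaw.exe outbound connection to " + refang(C2_DEFANGED),
    r"2026-02-27T11:30:00|WS-02|java.exe -jar C:\Tools\jd-gui.jar",  # JAR name only
    r"2026-02-27T11:31:00|WS-03|notepad.exe C:\Users\b\notes.txt",
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    print({h: sorted(n) for h, n in found.items()}, "escalate:", likely_chain(found))
```

WS-02 matches on the JAR file name alone and is deliberately not escalated; tune `minimum` to the telemetry sources actually available.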