Find notable cyber news and cases, enriched with sources, timelines, and signals.

LabubaRAT Rust RAT masquerading as NVIDIA software on Windows

Malware Activity
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

A newly documented Rust-based RAT, LabubaRAT, now gives operators Windows host control with file movement, screenshot capture, and traffic proxying. The malware masquerades as NVIDIA software and uses nvidia-sysruntime.exe to blend into target environments. It can communicate over HTTPS, WebView2, or DNS tunneling, which makes shutdown harder once it lands. Researchers also saw signs of a malware-as-a-service model, which could widen reuse across deployments.

Related Happenings

SprySOCKS Windows backdoor activity against government organizations

Malware Activity
H score23 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...

OnyxC2 stealer remote-access and credential-theft activity

Malware Activity
H score23 First: 11.06.2026 16:00 Last: 11.06.2026 16:00 Sources 1

About this happening: The **OnyxC2 stealer** has expanded into **remote-access and persistence-enabled credential theft**, giving buyers a way to harvest browser, extension, wallet, and business-app da...

GPU cryptomining malware using ScreenConnect and SEO poisoning

Malware Activity
H score16 First: 28.05.2026 00:31 Last: 28.05.2026 00:31 Sources 1

About this happening: A **cryptojacking malware operation** is spreading through **SEO-poisoned download pages** and, in some cases, **AI chatbot recommendations**, putting **high-performance Windows s...

ABCDoor backdoor activity in Silver Fox attacks

Malware Activity
H score23 First: 04.05.2026 14:35 Last: 04.05.2026 14:35 Sources 1

About this happening: The newly identified **ABCDoor** backdoor is being used in **real-world attacks** by **Silver Fox**, expanding the group's malware set and increasing the risk of covert remote acc...

DRILLAPP JavaScript backdoor through Microsoft Edge

Malware Activity
H score24 First: 16.03.2026 11:07 Last: 16.03.2026 11:07 Sources 1

About this happening: Observed in **February 2026**, the **DRILLAPP** backdoor now runs through **Microsoft Edge**, giving it **file access** plus access to the **microphone**, **webcam**, and **screen...

Timeline

  1. 14.07.2026 19:52 2 articles · 1h ago

    Blackpoint Cyber identifies LabubaRAT masquerading as NVIDIA software on Windows hosts

    Technical Analysis Update

    Blackpoint Cyber identifies LabubaRAT as a previously undocumented Rust-based remote access trojan that blends into Windows environments by masquerading as NVIDIA software. The malware starts from nvidia-sysruntime.exe, accepts runtime command-line configuration instead of hard-coded C2 data, stores settings in a local SQLite database, profiles the host and installed security tools, and supports command execution, PowerShell execution, JavaScript execution, screenshot capture, file upload and download, archive handling, SOCKS5 proxy support, HTTPS, WebView2, and DNS tunneling.

    Show sources