VileRAT Attacking Windows Machines via Malicious Software

02-Feb-24

A new variant of VileRAT is being distributed through fake pirated-software websites to infect Windows systems on a large scale.


VileRAT is a Python-based malware family believed to be specific to the Evilnum threat group, DeathStalker, which has been active since August 2023.


It is frequently observed being delivered by VileLoader, a loader designed to run VileRAT in memory and limit on-disk artifacts.


It functions similarly to conventional remote access tools, allowing attackers to record keystrokes, run commands, and obtain information remotely. Because VileRAT is extensible and modular, actors can use the framework to implement new features.
