Tech News
← Back to articles

WebRAT malware spread via fake vulnerability exploits on GitHub

2025-12-23 | original
read original related products more articles

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities.

Previously spread through pirated software and cheats for games like Roblox, Counter Strike, and Rust, WebRAT is a backdoor with info-stealing capabilities that emerged at the beginning of the year.

According to a report from Solar 4RAYS in May, WebRAT can steal credentials for Steam, Discord, and Telegram accounts, as well as cryptocurrency wallet data. It can also spy on victims through webcams and capture screenshots.

Since at least September, the operators started to deliver the malware through carefully crafted repositories claiming to provide an exploit for several vulnerabilities that had been covered in media reports. Among them were:

CVE-2025-59295 – A heap-based buffer overflow in the Windows MSHTML/Internet Explorer component, enabling arbitrary code execution via specially crafted data sent over the network.

– A heap-based buffer overflow in the Windows MSHTML/Internet Explorer component, enabling arbitrary code execution via specially crafted data sent over the network. CVE-2025-10294 – A critical authentication bypass in the OwnID Passwordless Login plugin for WordPress. Due to improper validation of a shared secret, unauthenticated attackers could log in as arbitrary users, including administrators, without credentials.

– A critical authentication bypass in the OwnID Passwordless Login plugin for WordPress. Due to improper validation of a shared secret, unauthenticated attackers could log in as arbitrary users, including administrators, without credentials. CVE-2025-59230 – An elevation-of-privilege (EoP) vulnerability in Windows’ Remote Access Connection Manager (RasMan) service. A locally authenticated attacker could exploit improper access control to escalate their privileges to SYSTEM level on affected Windows installations.

Security researchers at Kaspersky discovered 15 repositories distributing WebRAT, all of them providing information about the issue, what the alleged exploit does, and the available mitigations.

Due to the way the information is structured, Kaspersky believes that the text was generated using an artificial intelligence model.

Bug descriptions in the malicious repositories

... continue reading

Related:
NPM Package with 56K Downloads Caught Stealing WhatsApp Messages
Lotusbail npm package found to be harvesting WhatsApp messages and contacts
Uzbek Users Under Attack by Android SMS-Stealers
MacSync Stealer variant finds a way to bypass Apple malware protections
French authorities arrest man for installing malware on a passenger ferry on behalf of 'a foreign power' — could have enabled external control of systems, including navigation

© 2025 GoKawiil