Cybersecurity researchers have uncovered a new campaign that uses GitHub repositories to distribute PyStoreRAT, a modular JavaScript-based Remote Access Trojan. The campaign relies on legitimate-looking development tools to deliver malware capable of system profiling, data theft, and remote command execution without drawing attention. #PyStoreRAT #SetcodeRat
Key points
- Cybercriminals use GitHub repositories disguised as development tools to deliver malicious payloads.
- PyStoreRAT can execute multiple modules, including EXE, DLL, PowerShell, and JavaScript, for maintaining persistence and evading detection.
- The attack chain involves delivering remote HTA files that initiate PyStoreRAT and its follow-on payload Rhadamanthys.
- Chinese security researchers warn of SetcodeRat, a RAT targeting Chinese users through region-specific malware disguised as legitimate installers.
- The malware checks for security products and specific strings to avoid detection before executing commands.
Read More: https://thehackernews.com/2025/12/fake-osint-and-gpt-utility-github-repos.html