WebRAT malware is now being distributed through GitHub repositories claiming to host exploits for recent vulnerabilities, with the malware capable of stealing credentials and spying on victims. The campaign uses fake exploit files to deliver the backdoor and has targeted multiple critical system vulnerabilities. #WebRAT #GitHubMalware
Key points
- WebRAT malware is distributed via malicious GitHub repositories disguised as exploit proofs-of-concept.
- The malware can steal credentials from gaming and messaging platforms, and access cryptocurrency wallets.
- Operators exploit vulnerabilities such as CVE-2025-59295, CVE-2025-10294, and CVE-59230 to deliver WebRAT.
- The malware maintains persistence through Registry modifications, Task Scheduler, and system directory injections.
- Kaspersky has identified 15 repositories distributing WebRAT, which have now been removed.