← All stories
● Covered by 1 source Β· 1 reportHigh impact

LabubaRAT Trojan Disguised as NVIDIA Software Targets Windows Systems

Aggregated by BrevFeed security Β· updated 15h ago
πŸ”– Save

Researchers discovered LabubaRAT, a new Rust-based remote access trojan masquerading as NVIDIA software. Its ability to blend into target environments and perform extensive monitoring and control functions poses significant risks for affected systems and organizations.

Key points

Overview of LabubaRAT

LabubaRAT is a newly identified Rust-based remote access trojan (RAT) that has been flagged by cybersecurity experts. It employs an executable named 'nvidia-sysruntime.exe' to disguise itself as legitimate NVIDIA software, allowing it to seamlessly blend into targeted Windows environments.

Functionality and Communication

Once deployed, LabubaRAT can perform various malicious activities including profiling the host system, identifying installed security tools, and receiving commands from operators. It supports multiple communication channels, such as HTTPS and DNS tunneling, which enhances its persistence even if one access point is shut down.

Attack Vector and Configuration

The trojan utilizes command-line arguments for runtime configuration, allowing attackers to adjust parameters like server details ('pipicka[.]xyz') and polling intervals. This flexibility means the same compiled binary can be repurposed across different campaigns without hard-coded server references.

Discovery Operations

Upon launch, LabubaRAT conducts discovery operations to gather information about the target system. It inventories installed web browsers and security products, including Google Chrome, Microsoft Defender, and Kaspersky. This information allows attackers to tailor their strategies based on the security environment of the host.

Risk Assessment

The emergence of LabubaRAT is concerning due to its sophisticated evasion tactics and its potential distribution as malware-as-a-service. Organizations need to remain vigilant against such sophisticated threats that exploit trusted software identities.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Reporting from

Researchers discovered LabubaRAT, a new Rust-based remote access trojan masquerading as NVIDIA software. Its ability to blend into target environments and perform extensive monitoring and control functions poses significant risks for affected systems and organizations.