← All stories
● Covered by 1 source Β· 1 reportHigh impact

Cybersecurity Threats: Spyware from Game Cheats and Fake Installer RATs Target Users

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

Cybersecurity researchers identified malicious NuGet packages disguised as game utilities that install spyware. Additionally, a financially motivated group is using trojanized software installers to deploy a sophisticated remote access tool aimed at U.S. and European users.

Key points

Malicious NuGet Packages Installed as Game Utilities

Cybersecurity researchers reported the presence of 11 malicious NuGet packages masked as .NET command-line tools. These packages refer to themselves as game utilities, with their primary function being to download and execute a second-stage Python payload named 'pepesoft.exe'.

The payload employs AWS-style keys to retrieve remote configurations and can communicate with Google Sheets. It is also designed to send screenshots via Telegram bot commands.

Trojanized Software Installers Used by UAT-11795

The financially motivated group UAT-11795 has been running campaigns using trojanized installers for various software, including developer tools and gaming applications. This has been ongoing since at least June 2025, targeting users in the U.S. and Europe. They deploy the Starland RAT and the WLDR command-and-control memory implant.

The WLDR agent showcases advanced capabilities, including encrypted communication and a Runspace execution engine, enabling it to execute further payloads. Victims’ credentials and cryptocurrency wallets are specific targets of the malware.

Impact and Response

The majority of infections are reported in the U.S. with few impacts noted in Germany, indicating a geographic targeting strategy. Organizations may need to enhance security measures against such sophisticated threats. Immediate awareness and responsiveness are essential to mitigate potential damage.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

CVE CVE-2026-468179.8 CRITICAL CVE CVE-2023-43467.5 HIGH CVE CVE-2026-352739.8 CRITICAL

Reporting from

Cybersecurity researchers identified malicious NuGet packages disguised as game utilities that install spyware. Additionally, a financially motivated group is using trojanized software installers to deploy a sophisticated remote access tool aimed at U.S. and European users.