Dangerous WebRAT Malware Now Being Spread by GitHub Repositories
Kaspersky uncovered 15 fake GitHub exploit repositories distributing WebRAT malware that steals credentials and disables Windows Defender, with the campaign active since September 2025.
- Recently, Kaspersky researchers found 15 repositories on GitHub distributing WebRAT disguised as proof-of-concept exploits.
- Threat actors lured developers and security researchers with fake proof-of-concept repositories on GitHub, delivering password-protected ZIP archives containing decoys and the dropper rasmanesc.exe.
- Kaspersky noted WebRAT acts as a backdoor and infostealer, stealing Steam, Discord, and Telegram credentials and cryptocurrency wallets, and spying via webcams, while persisting through Windows Registry and Task Scheduler edits.
- GitHub removed all malicious repositories Kaspersky uncovered, but victims who downloaded packages must manually remove WebRAT and stay cautious of similar threats.
- Amid rising use of Gen AI, cybercriminals target security researchers with fake PoC exploits on popular repositories, including recent LDAPNightmare lures, while analysts warn more malicious packages may exist and advise isolating untrusted code.
11 Articles
Webrat turns GitHub PoCs into a malware trap
Security professionals hunting PoCs and exploit code on GitHub might soon walk into a trap, as attackers redirect a known RAT toward them. Researchers have uncovered a stealthy campaign in which the Webrat Trojan, known for months to hide inside game cheats and cracked software, is now posing as proof-of-concept exploit repositories on GitHub to trick unsuspecting security researchers. The clever decoy and the unexpected target set the campaign …
Threat Actors Distribute WebRAT via Fake GitHub Exploit Repositories Targeting Recent CVEs
Archyde Breaking: WebRAT Malware Returns, Peddled on GitHub as Fake Exploits for Recent Vulnerabilities. Cybersecurity researchers warn that WebRAT, a backdoor capable of stealing credentials and spying on victims, is circulating…
WebRAT Malware Spread Via Fake Vulnerability Exploits On GitHub - Cybernoz - Cybersecurity News
The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software and cheats for games like Roblox, Counter Strike, and Rust, WebRAT is a backdoor with info-stealing capabilities that emerged at the beginning of the year. According to a report from Solar 4RAYS in May, WebRAT can steal credentials for Steam, Discor…
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Attackers are targeting budding security professionals and aspiring hackers with malware by offering PoC exploits for known vulnerabilities.
Coverage Details
Bias Distribution
- 100% of the sources are Center





