New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code

Kaspersky Detected a New Remote Access Trojan Targeting Financial Institutions Through Skype Messenger

Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered GodRAT — a new Remote Access Trojan distributed via malicious screensaver files disguised as financial documents and delivered through Skype messenger until March 2025, subsequently transitioning to other channels. SMBs in UAE, Hong Kong, Jordan and Lebanon were targeted throughout this campaign. The threat actor deployed a newly identified Remote Access Trojan (RAT) named GodRA…

New GodRAT Malware Uses Screensaver And Program Files To Target Organizations - Cybernoz - Cybersecurity News

Threat actors have been deploying a novel Remote Access Trojan (RAT) dubbed GodRAT, derived from the venerable Gh0st RAT codebase, to infiltrate financial institutions, particularly trading and brokerage firms. The malware is distributed via Skype as malicious .scr (screensaver) and .pif (Program Information File) executables masquerading as legitimate financial documents, such as client lists or transaction data. This tactic exploits user trust…

New GodRAT Malware Uses Screensaver and Program Files to Target Organizations

Threat actors have been deploying a novel Remote Access Trojan (RAT) dubbed GodRAT, derived from the venerable Gh0st RAT codebase, to infiltrate financial institutions, particularly trading and brokerage firms. The malware is distributed via Skype as malicious .scr (screensaver) and .pif (Program Information File) executables masquerading as legitimate financial documents, such as client lists or […] The post New GodRAT Malware Uses Screensaver …

New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code

Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the "distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger," Kaspersky researcher Saurabh Sharma said in a technical analysis published today. The

Gh0st RAT-based GodRAT attacks financial organizations

Summary In September 2024, we detected malicious activity targeting financial (trading and brokerage) firms through the distribution of malicious .scr (screen saver) files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan (RAT) named GodRAT, which is based on the Gh0st RAT codebase. To evade detection, the attackers used steganography to embed shellcode within image files. Thi…