AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities.
Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a preferred tool of choice for cybercriminals. During Trend Micro investigation of AsyncRAT infections, we observed Python scripts playing a central role in the infection chain, automating various stages of the attack. The initial payload, a Windows Script Host (WSH) file, was designed to download and execute additional malicious scripts hosted on a WebDAV server.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Void Dokkaebi uses fake job interview lure to spread malware via code repositories
April 21, 2026
Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure. As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning ...
- Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
April 21, 2026
UK enterprise software consultancy The Adaptavist Group is investigating a security breach after an intruder logged in with stolen credentials, while a ransomware crew claims it grabbed far more than the company is currently admitting. In a letter to customers, Adaptavist’s CEO Simon Haighton-Williams said the biz detected an “IT security incident” in late March after ...
- Amtrak data breach exposes 2.1M records, reports suggest larger leak
April 20, 2026
Booking a train ticket shouldn’t come with a side of data exposure, but that’s the situation Amtrak customers are now facing. The rail service is dealing with a breach after hackers claimed to have accessed and released millions of customer records online. The exposed dataset was confirmed to contain at least 2.1 million unique accounts, although ...
- North Korean hackers blamed for $290M crypto theft
April 20, 2026
Over the weekend, hackers stole more than $290 million in cryptocurrency from Kelp DAO, a protocol that allows users to earn yields on idle crypto investments. By Monday, LayerZero, one of the projects affected by the hack, accused North Korea of carrying out the heist. The hack is now the largest crypto theft of the year ...
- Mythos: An AI tool too powerful for public release
April 20, 2026
Anthropic’s most capable model to date, Claude Mythos Preview (aka Mythos), has been described as a “step change” in AI performance, especially on cybersecurity tasks. Anthropic tried to keep Mythos a secret until a few weeks ago, when a data leak revealed the existence of what the company said was its most powerful artificial intelligence to ...
- Hackers are abusing Apple account notifications to distribute malware, steal money and data
April 20, 2026
Scammers have found a way to abuse Apple’s email notification system to deliver phishing messages and trick people into giving away sensitive data and system access. Recently, people started receiving emails from the email.apple.com domain, notifying them of a $899 iPhone purchase via PayPal. The email also shared a phone number for the victims to call, ...