Ethical Hacking News
Cybersecurity experts have sounded the alarm over the spread of Trojanized gaming tools that are distributing Java-based Remote Access Trojans (RATs) via browsers and chat platforms. This malicious activity poses a significant threat to individual users and organizations alike, highlighting the need for heightened vigilance and proactive measures to mitigate this risk.
Trojanized gaming tools are spreading Java-based Remote Access Trojans (RATs) via browsers and chat platforms. Threat actors are luring users into running malicious utilities to distribute the RAT. The attack chain involves stealthy steps like PowerShell and LOLBins, bypassing detection by security software. The RAT connects to an external server for command-and-control (C2) communications and exfiltrates data. Java-based RATs have been on the rise, exploiting vulnerabilities in Java-based applications. A new Windows RAT malware family called Steaelite has been disclosed with fully undetectable capabilities. The Steaelite RAT offers features like keylogging, file searching, and wallpaper modification. Two new RAT families, DesckVB RAT and KazakRAT, have been discovered with comprehensive remote control over infected hosts. Users are advised to audit Microsoft Defender exclusions and scheduled tasks to mitigate the risk. Organizations must prioritize cybersecurity awareness training for employees and implement robust security measures to prevent similar attacks.
The cybersecurity landscape has recently been marred by a disturbing trend that has seen Trojanized gaming tools spreading Java-based Remote Access Trojans (RATs) via browsers and chat platforms. This malicious activity has been observed to pose a significant threat to the security of individual users and organizations alike, highlighting the need for heightened vigilance and proactive measures to mitigate this risk.
According to recent reports from reputable sources, including The Hacker News, a trusted cybersecurity news platform with over 5.20 million followers, threat actors have been luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms. These malicious tools have been designed to distribute the Java-based RAT, which can be used to gain unauthorized access to compromised hosts.
The attack chain employed by these threat actors involves a series of stealthy steps, including the use of PowerShell and living-off-the-land binaries (LOLBins) like cmstp.exe for execution. The malicious downloader uses a portable Java runtime and executes a malicious Java archive (JAR) file named jd-gui.jar, which is designed to bypass detection by security software.
Once launched, the RAT connects to an external server at "79.110.49[.]15" for command-and-control (C2) communications, allowing it to exfiltrate data and deploy additional payloads. The malware, per Microsoft, is a "multi-purpose malware" that acts as a loader, runner, downloader, and RAT.
The use of Java-based RATs has been on the rise in recent times, with various threat actors exploiting vulnerabilities in Java-based applications to spread these malicious tools. The fact that these RATs can be distributed via browsers and chat platforms highlights the growing threat landscape of online vulnerabilities.
In addition to this, a new Windows RAT malware family called Steaelite has been disclosed by BlackFog, which was first advertised on criminal forums in November 2025 as a "best Windows RAT" with "fully undetectable" (FUD) capabilities. This malware is compatible with both Windows 10 and 11 and bundles together data theft and ransomware, packaging them into one web panel.
The Steaelite RAT offers a range of features that make it an attractive tool for threat actors, including keylogging, client-to-victim chat, file searching, USB spreading, wallpaper modification, UAC bypass, and clipper functionality. This malware also enables complete double extortion from one tool, allowing a single threat actor to browse files, exfiltrate documents, harvest credentials, and deploy ransomware from the same dashboard.
Furthermore, two new RAT families tracked as DesckVB RAT and KazakRAT have been discovered that enable comprehensive remote control over infected hosts and even selectively deploy capabilities post-compromise. According to Ctrl Alt Intel, KazakRAT is suspected to be the work of a suspected state-affiliated cluster targeting Kazakh and Afghan entities as part of a persistent campaign ongoing since at least August 2022.
In light of these recent developments, it has become clear that cybersecurity experts must remain vigilant in their efforts to detect and respond to emerging threats. Users are advised to audit Microsoft Defender exclusions and scheduled tasks, remove malicious tasks and startup scripts, isolate affected endpoints, and reset credentials for users active on compromised hosts.
The discovery of these Java-based RATs highlights the need for organizations to prioritize cybersecurity awareness training for employees and implement robust security measures to prevent similar attacks in the future. Furthermore, regular software updates and patches must be implemented to address vulnerabilities that may exist in various applications.
In conclusion, the spread of Trojanized gaming tools via browsers and chat platforms has emerged as a significant threat to individual users and organizations alike. The use of Java-based RATs and the emergence of new Windows RAT malware families have further complicated this landscape, emphasizing the need for heightened vigilance and proactive measures to mitigate these risks.
Related Information:
https://www.ethicalhackingnews.com/articles/Trojanized-Gaming-Tools-Spread-Java-Based-RAT-via-Browser-and-Chat-Platforms-A-Lurking-Threat-to-Cybersecurity-ehn.shtml
https://thehackernews.com/2026/02/trojanized-gaming-tools-spread-java.html
https://cyberwebspider.com/the-hacker-news/trojanized-gaming-tools-java-rat/
Published: Fri Feb 27 05:20:35 2026 by llama3.2 3B Q4_K_M
