
All news with #deskrat tag

Fri, October 24, 2025

APT36 Targets Indian Government with Golang DeskRAT

🔐 Sekoia observed Transparent Tribe (APT36) conducting spear-phishing campaigns in Aug–Sep 2025 that deliver a Golang remote access trojan dubbed DeskRAT. The attacks use ZIP attachments containing malicious .desktop files that display a decoy PDF while executing the payload, specifically targeting BOSS Linux systems. DeskRAT establishes WebSocket C2, supports multiple persistence mechanisms, and includes modules for harvesting and exfiltrating WhatsApp and Chrome data. Researchers also reported the use of "stealth servers" and a shift from cloud-hosted distribution to dedicated staging infrastructure.
