WebRAT Malware Campaign Leveraging GitHub-Hosted Proof-of-Concept Code

Cybersecurity specialists from the Solar 4RAYS cyberthreat research center, a division of the Solar Group, have uncovered a dangerous new malware strain dubbed “Webrat.”

This sophisticated threat has been identified as a multi-functional remote access tool (RAT) and information stealer that aggressively targets victims through deceptive social engineering campaigns involving popular code repositories and video streaming platforms.

According to the Solar 4RAYS investigation, Webrat first surfaced in January 2025, with early builds traded on closed dark web channels.

The malware is designed to grant attackers extensive control over infected systems while stealthily exfiltrating sensitive personal and financial data.

Its primary capabilities include spying on victims via desktop screen capture and webcam access, allowing threat actors to monitor user activity in real time.

The operators behind Webrat have adopted a highly effective distribution strategy targeting the gaming community and users seeking software workarounds.

The malware is frequently disguised as “cheats” software designed to provide unfair advantages in popular video games such as Rust, Counter-Strike, and Roblox.

Furthermore, the attackers are exploiting regional software restrictions. In instances where legitimate applications like Discord are banned (such as in Russia), Webrat is packaged as a “patch” or utility claiming to restore access. These malicious files are distributed via:

  • GitHub Repositories: Attackers host the malware on the platform, often masquerading as open-source tools or proof-of-concept exploits to gain the trust of technically inclined users.
  • YouTube Comments: Attackers post video tutorials on installing cheats or patches and leave links to the malware archives in the comments section.
  • Pirated Software Sites: General repositories for cracked software serve as additional hosting grounds.

Technical Capabilities and Risks

Once installed, Webrat functions as a potent stealer. It targets login credentials for platforms including Steam, Telegram, and Discord, as well as cryptocurrency wallets.

Beyond data theft, the malware gives attackers full remote control of the victim’s desktop session, enabling them to interact with the user interface, download additional payloads such as crypto miners, or install components that disable security software.

Solar 4RAYS experts warn that the impact extends beyond financial loss. The stolen data is reportedly being leveraged for blackmail and “swatting”, a harassment tactic in which attackers make fake police calls to dispatch emergency response teams to the victim’s location.

Discussions monitored by researchers suggest malicious actors are already using Webrat for these specific intimidation purposes.

Mitigations

While gamers are the primary target, the threat poses a significant risk to corporate environments.

Employees downloading pirated software or unauthorized “patches” on work devices can inadvertently introduce Webrat into enterprise networks, compromising sensitive office conversations and corporate data.

To mitigate these risks, Solar 4RAYS advises organizations and individuals to utilize advanced antivirus solutions and strictly avoid downloading software from untrusted sources or comment links.
