New 'LabubaRAT' Remote Access Trojan Disguised as Nvidia Software Detected Controlling Windows Hosts
A Rust-based remote access Trojan (RAT), dubbed 'LabubaRAT,' has been discovered disguised as legitimate Nvidia software to disrupt cybersecurity monitoring. Blackpoint Cyber's analysis report highlights its capabilities, including real-time infiltration, host profiling, security tool identification, command execution, file transfers, screenshot capture, and proxy traffic relaying. The malware employs multiple communication channels like HTTPS, WebView2, and DNS tunneling to maintain control despite network path disruptions. Researchers note its potential as a Malware-as-a-Service (MaaS) offering, with initial attacks originating from a spoofed Nvidia container runtime tool. The malware infiltrates systems to gather browser data, UAC status, hardware specs, and installed security products before executing advanced control functions independently.