vulnerability | International | BleepingComputer
WebRAT malware spread via fake vulnerability exploits on GitHub
Wednesday, December 24, 2025
What
The WebRAT malware is now being delivered through GitHub repositories that falsely advertise proof-of-concept exploits for various vulnerabilities. The malware can steal sensitive information, including credentials for popular platforms and cryptocurrency wallets, and can also spy on users. This shift in distribution method highlights the increasing sophistication of malware campaigns and the need for users to be vigilant about the sources of software they download.
Where
Global, with a focus on users of platforms like Steam, Discord, and WordPress.
When
The malware has been in circulation since early 2025, with the distribution through GitHub repositories noted since September 2025.
Key Factors
- WebRAT can steal credentials and sensitive information from various platforms.
- Malware is distributed via fake GitHub repositories claiming to provide exploits for known vulnerabilities.
- The use of AI-generated text in repository descriptions indicates a new level of sophistication in malware distribution.
Takeaways
- Users should verify the legitimacy of software sources before downloading.
- The cybersecurity community must remain vigilant against evolving malware distribution tactics.
- Running untrusted code in isolated environments is crucial to prevent infection.