Recent version of Neptune RAT is spreading, stealing credentials

Researchers at CYFIRMA have discovered a recent version of Neptune RAT. This malware is written in Visual Basic .NET, and is spreading across various platforms (including YouTube, GitHub and Telegram) to hijack Windows devices and steal credentials.
Satish Swargam, Principal Security Consultant at Black Duck, discusses the techniques used by Neptune RAT, stating, “Neptune RAT uses sophisticated techniques to steal sensitive information from the users. This technique employs GitHub, Telegram and YouTube to propagate the trojan without being flagged by traditional security measures. Some of its exploits include deploying ransomware that encrypts files and demands payment, bringing businesses to a halt until the issue has been addressed.”
Although the malware targets individual users, it could also pose an organizational risk.
“Neptune RAT exemplifies the notion that software risk equates to business risk, with widespread consequences as a victim’s screen can be monitored in real time and clipboard content can be replaced with an attacker’s cryptocurrency wallet addresses,” Swargam explains. “This malware continues to evolve with new exploits since the techniques are available on GitHub, initially meant to be for educational purposes by Freemasonry Group.”
In order to defend against the Neptune RAT threat (and others like it), Swargam says, “Continuous monitoring, robust endpoint protection and proactive threat detection strategies are crucial to mitigating the impact of this trojan.”