
Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences

· Published 24/02/2026 17:00 · Modified 24/02/2026 20:54


Essential information

Tags
2026-02-24 c2 communication credential-theft go-based low-detection moonrise moonrise rat rat remote access trojan
Related entities
7 observables, 20 techniques (mitre)

Description

A new remote access trojan (RAT) named Moonrise has been discovered, operating without early static detection and establishing active C2 communication before vendor alerts. The RAT supports credential theft, remote command execution, persistence, and user monitoring, enabling full remote control of infected endpoints. Its capabilities include stealing passwords, executing remote commands, uploading files, capturing screens, and accessing webcams and microphones. The malware's silent operation increases business exposure, extending dwell time and raising risks of data loss and operational disruption. The attack chain involves session registration, host environment visibility, direct system interaction, credential access, active user monitoring, and privilege manipulation. Early detection strategies involve monitoring for weak signals, rapid triage with behavior confirmation, and threat hunting to prevent repeat incidents.

External references