Webrat, disguised as exploits, is spreading via GitHub repositories
Essential information
- Published
- 23/12/2025 15:37
- Modified
- 23/12/2025 17:50
- Tags
- 2025-12-23 CVE-2025-10294 CVE-2025-59230 CVE-2025-59295 backdoor cybersecurity exploit github information-stealing malware social engineering trojan vulnerability webrat
- Related entities
- 10 vulnerabilities (cve), 5 observables, 2 techniques (mitre), 1 malware, 2 others
Description
A new malware campaign targeting security professionals and students has been uncovered. The threat actor behind Webrat is now disguising the backdoor as exploits and proof-of-concept code for high-profile vulnerabilities, distributing it through GitHub repositories. The malware, which previously spread via game cheats and cracked software, now aims to infect inexperienced security researchers. The campaign uses carefully prepared repositories with AI-generated vulnerability reports to build trust. The malicious files, when executed, disable Windows Defender, escalate privileges, and fetch the Webrat backdoor. This backdoor can steal data from various applications, perform keylogging, and access webcams and microphones. The attack serves as a reminder for cybersecurity professionals to exercise caution when handling potentially malicious files and to use isolated environments for analysis.