Latest news with #NeptuneRAT

Microsoft Windows users face a dangerous threat

Miami Herald

09-04-2025


Microsoft recently reminded Windows 10 users that support for the operating system will end on October 14, 2025. Windows 10 launched in July 2015, and the company was obliged to give 10 years of support. Windows 10 is the most popular Windows OS, accounting for 54% of market share or more than 800 million users, according to Statista. In 2024, Microsoft Windows ran on 1.6 billion active devices.

For users wishing to continue using Windows 10 beyond its end-of-support date, Microsoft offers a one-year Extended Security Update (ESU) program priced at $30. However, without ESU or an upgrade to Windows 11, users will face increased security risks.

The tech giant, which celebrated its 50th birthday this month, has not provided as much information about the ESU program for regular users as it has for business customers. This may be a strategic move to encourage users to upgrade to Windows 11 rather than opting for the ESU, writes Windows Latest.

The winding down of support is particularly important, given a new emerging cybersecurity threat that could pose a major risk to Microsoft's customers. An updated version of malware known as Neptune RAT (Remote Access Trojan) presents an "extremely serious threat" to millions of Windows users.

Cyfirma, a Singapore-based cybersecurity firm, recently issued a warning regarding the malware, which has spread across platforms such as GitHub, Telegram, and YouTube. The malware is often marketed as the "Most Advanced RAT," according to Cyfirma. Cyfirma describes Neptune RAT as a "sophisticated and highly dangerous" piece of malware capable of bypassing traditional security measures, stealing passwords, and even destroying Windows operating systems. The RAT can compromise over 270 applications, including browsers, and features both ransomware capabilities and live desktop monitoring.
Designed to disrupt and steal sensitive data, Neptune RAT applies high-level anti-analysis techniques to maintain a presence on the victim's system for a long period of time. Once established, it can fully take control of a device, extracting sensitive information and receiving further instructions from its handlers.

The worst part: the developer suggests that there is an even more powerful version of this malware. Neptune RAT's creator, who made it available without the source code, claims it is intended for "educational and ethical purposes," though the malware's capabilities make it hard to believe that explanation. The developer, currently residing in Saudi Arabia, states that this is a free version, implying the existence of a more advanced, paid version.

Sensitive information that Neptune RAT can collect includes the user's name, computer details, operating system data, hardware specifications (such as CPU, RAM, and hard drive serial number), network data, and even information about connected USB devices. Written in Visual Basic .NET, the RAT can swap clipboard contents with the attacker's cryptocurrency wallet addresses. Its code is obfuscated with Arabic characters and emojis to make reverse engineering more difficult. Additionally, Neptune RAT can extract and decrypt passwords from browsers such as Chrome, Opera, Chromium, 360Chrome, Brave, Yandex, and others. These credentials are then transmitted to the attacker's server.

To mitigate the risk of an attack, Cyfirma recommends several courses of action. Implementing threat intelligence to detect indicators of advanced endpoint protection platforms with real-time host-based intrusion prevention strong email security filters and regular vulnerability should only be downloaded from trusted sources.

In 2024, Microsoft reported revenues of $245.1 billion, a 15.67% year-over-year increase. Net income grew 22% to $88.1 billion, with earnings per share reaching $11.8. Year-to-date, Microsoft stock is down 15.88%, trading at $354.56.

On April 7th, before Cyfirma's warning about Neptune RAT, Microsoft's stock dropped to $350.09 per share in the morning session, marking its lowest point in over a year. While it closed the session at $357.86 and showed some recovery on Tuesday morning, it still remains below its lowest level in more than 15 months.

Even a milestone as significant as the 50th anniversary of one of the world's largest tech companies could not shield its stock from the market's reaction to the emerging cybersecurity threat and the ongoing impact of Trump's tariffs.

The Arena Media Brands, LLC THESTREET is a registered trademark of TheStreet, Inc.

Microsoft Users Now At Risk—This Update Destroys Windows

Forbes

08-04-2025


Just as Microsoft escalates warnings for the 800 million Windows users risking an end to security updates, here comes a reminder as to why that will be a nightmare come true: An updated malware threat not only 'bypasses traditional security measures' to steal passwords, but it even now 'has the capability to destroy Windows OS.'

The updated version of Neptune RAT, reports Cyfirma, has now been shared on GitHub by its developers. The remote access trojan 'incorporates advanced anti-analysis techniques and persistence methods to maintain its presence on the victim's system for extended periods and comes packed with dangerous features, including a crypto clipper, password stealer with capabilities to exfiltrate over 270+ different applications' credentials, ransomware capabilities, and live desktop monitoring.'

Once installed on a PC, a RAT can take over a system and act as a direct conduit to its handlers, sending and receiving data and instructions. This updated malware includes many of the latest techniques to avoid detection and ensure its outcomes are achieved.

All told, Cyfirma warns this is 'an extremely serious threat,' and it is being pushed out across multiple channels, including Telegram and YouTube, 'often marketed with phrases like 'Most Advanced RAT.' This indicates its widespread use by cybercriminals targeting Windows users.'

What's worse, the version of the malware being touted is unlikely to be the most sophisticated version available. The developers 'hint at a more advanced version behind a paywall.' This marketing masquerades as cybersecurity education and training, but in reality it 'raises serious security concerns.'

The malware's password stealing capabilities will raise particular concerns, and it's primed with a stealer that can attack 'various browsers, including Chrome, Opera, Yandex, 360Chrome, Comodo Dragon, Coolnovo, Torch, Chromium, and Brave.' The stealer 'extracts browser data from the default LocalApplication folder, where credentials are stored in an encrypted format. After extracting the data, the malware decrypts the credentials and sends them to the attacker's server.'

As we have seen multiple times recently, this RAT also piggybacks on core Windows system processes for stealth and persistence. This helps obfuscate against security analysis and also reboots the malware with a system restart. 'The malware creates a persistent scheduled task in Windows using It sets the task to run every minute (/sc minute /mo 1) and executes a command by passing the file path parameter. The task runs silently ( and forces creation (/f).'

Unsurprisingly, the RAT is also primed for ransomware, creating 'an HTML file on the desktop named 'How to Decrypt My [which] provides instructions on how to contact the attacker, explains what has happened to the files, and specifies the ransom amount required to recover them… All files on the system are encrypted, and their extensions are changed to .ENC, rendering them inaccessible without decryption.'

Cyfirma warns that 'Neptune RAT's arsenal of malicious capabilities – ranging from ransomware and crypto clippers to live desktop monitoring and antivirus disabling – makes it a severe threat… Given its complexity and evolving nature, it poses a significant risk to both individuals and organizations.'

Not only do users need to ensure they're up-to-date with all the latest Windows vulnerability fixes, but they also need to run updated security software to monitor for such threats. And if you're still using Windows 10, don't let October 14 come and go without securing a solution that maintains those critical security updates.
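
The persistence behaviour quoted above (a task scheduled with /sc minute /mo 1 and forced with /f) can be hunted for in process-creation logs. The sketch below is an added example, not code from Cyfirma or from either article; it assumes the flags reach schtasks.exe on a command line, and every task name and path in the sample lines is constructed.

```python
import re

# Constructed sample command lines, shaped like the CommandLine field of
# process-creation events (Sysmon Event ID 1 / Security 4688).
SAMPLE_CMDLINES = [
    r'schtasks /create /tn "Updater" /tr "C:\Users\Public\app.exe" /sc minute /mo 1 /f',
    r'SCHTASKS.EXE /Create /F /SC MINUTE /MO 1 /TN Sync /TR C:\Temp\x.exe',
    r'schtasks /create /tn "Backup" /tr "C:\Tools\backup.exe" /sc daily /st 02:00',
    r'schtasks /create /tn "Poll" /tr "C:\Tools\poll.exe" /sc minute /mo 30',
    r'schtasks /query /fo list',
]

def parse_flags(cmdline):
    """Return (image_name, {flag: value}); flags are lower-cased."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    if not tokens:
        return "", {}
    image = tokens[0].strip('"').lower().rsplit("\\", 1)[-1]
    if image.endswith(".exe"):
        image = image[:-4]
    flags, rest = {}, tokens[1:]
    for i, tok in enumerate(rest):
        if tok.startswith("/"):
            nxt = rest[i + 1] if i + 1 < len(rest) else ""
            # A following token that is itself a flag means this flag is a switch.
            flags[tok.lower()] = "" if nxt.startswith("/") else nxt.strip('"')
    return image, flags

def is_minute_persistence(cmdline, max_minutes=1):
    """True for a forced (/f) task creation that repeats every minute."""
    image, flags = parse_flags(cmdline)
    if image != "schtasks" or "/create" not in flags or "/f" not in flags:
        return False
    if flags.get("/sc", "").lower() != "minute":
        return False
    modifier = flags.get("/mo", "1")  # schtasks uses 1 when /mo is omitted
    return modifier.isdigit() and int(modifier) <= max_minutes

def hunt(cmdlines):
    """Return the command lines that match the quoted persistence pattern."""
    return [c for c in cmdlines if is_minute_persistence(c)]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_CMDLINES):
        print("SUSPICIOUS:", hit)
```

A one-minute, force-created task is rare enough in normal administration that each hit is worth triaging by the binary its /tr value points to.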
