RAT

AppWizard
March 2, 2026
Diablo 2's Act 1 features haunting landscapes that evoke nostalgia and adventure, connecting players to the original Diablo through familiar settings like Blood Moor, graveyards, and the monastery. The environments draw inspiration from classic horror films, offering a cinematic quality. Players can explore various points of interest or venture into hidden dungeons. Combat includes diverse enemies such as corrupted rogues and goatmen, with an engaging soundtrack enhancing the experience. Returning to Tristram reveals its destruction, with the blacksmith Griswold transformed into an undead figure. The Catacombs serve as a nod to the first game, filled with rat men and gargoyles, creating an atmosphere of mystery and danger.
Winsage
March 2, 2026
Microsoft Threat Intelligence has identified a campaign in which attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. The trojanized executables, with names such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader: it installs a portable Java runtime and launches a malicious Java archive, jd-gui.jar. The chain then runs commands through PowerShell and abuses trusted, signed Windows binaries (living off the land) to keep its footprint small. The embedded PowerShell script connects to remote hosts, downloads an executable as update.exe and runs it. The malware deletes the downloader to erase evidence and adds Microsoft Defender exclusions so that the RAT components run unscanned. It establishes persistence through scheduled tasks and a startup script named world.vbs, giving the attacker prolonged access to the compromised device. Microsoft Defender detects the malware and its behaviours; organizations are advised to monitor outbound traffic and block the identified domains and IP addresses, and users to review Microsoft Defender exclusions and scheduled tasks for unexplained entries and to avoid downloading tools from unofficial sources.
AppWizard
March 1, 2026
Developer Glass Bottom Games has announced its upcoming title, Verminsteel, an anthropomorphic hack-and-slash action game set to launch on PC via Steam in 2027. The game features players as a crow warrior fighting against occupying forces, utilizing various weapons and engaging in battles across the Fragarian countryside. Players can also play as other characters, rally allies, and upgrade weapons. The game emphasizes community themes and has been developed without the use of generative AI.
Winsage
March 1, 2026
Cybercriminals are abusing a legacy Windows feature, the WebDAV client built into File Explorer, to distribute malware and bypass the security measures that sit in front of browser downloads. Although Microsoft deprecated native WebDAV support (the WebClient service) in November 2023, it remains enabled on many systems. Attackers send links that make File Explorer connect directly to a remote WebDAV server, so the payload never passes through a web browser and its download warnings. Delivery takes the form of direct links, Internet shortcut (.url) files and LNK shortcut files. The campaigns, which surged in late 2024, aim chiefly to deploy Remote Access Trojans: 87% of the Active Threat Reports involved one or more RATs such as XWorm, AsyncRAT and DcRAT. Targets are predominantly corporate networks in Europe, with many phishing emails written in German and English. The WebDAV servers are short-lived and hosted on Cloudflare Tunnel demo accounts, which obscures the attackers' infrastructure. Security analysts are advised to monitor for unusual network activity originating from Windows Explorer and to teach users to verify the address shown in File Explorer.
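Two endpoint-side checks for the delivery chain in the summary above, as an added example that is not code from the report: classify_target() recognises a shortcut target that points at a WebDAV share (the Windows UNC forms \\host@SSL@443\DavWWWRoot\... and friends) or at a remote executable, scan_url_file() applies it to an Internet shortcut (.url) file, and flag_events() scans process network events for File Explorer, or the WebClient service that performs WebDAV I/O on its behalf, reaching hosts that are not approved shares. The sample .url file, the event records and the tunnel-domain suffix are constructed or assumed here, not indicators from the report.

```python
"""Added example, not from the article: endpoint-side checks for WebDAV delivery.
The sample .url file, the event records and the tunnel-domain suffix are
constructed or assumed, not indicators from the report."""
import configparser
import re

# Windows WebDAV UNC forms: \\host\DavWWWRoot\..., \\host@SSL\..., \\host@SSL@443\..., \\host@8080\...
UNC = re.compile(r"^\\\\(?P<host>[^\\@]+)(?:@(?P<ssl>SSL))?(?:@(?P<port>\d+))?\\(?P<path>.*)$", re.I)
HTTP_URL = re.compile(r"^(?P<scheme>https?)://(?P<host>[^/:]+)(?::(?P<port>\d+))?(?P<path>/.*)?$", re.I)
LAUNCH_EXT = (".exe", ".lnk", ".js", ".vbs", ".hta", ".msi", ".bat", ".cmd", ".scr", ".url")
TUNNEL_SUFFIXES = (".trycloudflare.com",)   # assumed indicator: Cloudflare quick-tunnel hostnames


def classify_target(target):
    """Describe a shortcut target; None for a plain local path or an empty value."""
    t = target.strip()
    if t.lower().startswith("file://"):          # file://host@SSL@443/x -> \\host@SSL@443\x
        rest = t[7:].lstrip("/").replace("/", "\\")
        if re.match(r"[a-z]:\\", rest, re.I):    # file:///C:/... is a local path
            return None
        t = "\\\\" + rest
    m = UNC.match(t)
    if m:
        path = m["path"]
        port = int(m["port"]) if m["port"] else (443 if m["ssl"] else 80)
        webdav = bool(m["ssl"] or m["port"]) or path.lower().startswith("davwwwroot")
        kind = "webdav" if webdav else "unc"    # a bare \\host\share may be SMB or WebDAV
    else:
        m = HTTP_URL.match(t)
        if not m:
            return None
        path = m["path"] or "/"
        port = int(m["port"]) if m["port"] else (443 if m["scheme"].lower() == "https" else 80)
        kind = "http"
    host = m["host"].lower()
    return {"kind": kind, "host": host, "port": port, "path": path,
            "launches": path.lower().endswith(LAUNCH_EXT),
            "tunnel": host.endswith(TUNNEL_SUFFIXES)}


def scan_url_file(text):
    """Parse a .url file (INI syntax) and classify its URL= value."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return classify_target(cp.get("InternetShortcut", "URL", fallback=""))


def flag_events(events, approved_hosts=()):
    """events: records with image, command_line, dest_host, dest_port (Sysmon-3-like, constructed).
    Returns connections made by explorer.exe or the WebClient svchost to unapproved hosts."""
    approved = {h.lower() for h in approved_hosts}
    findings = []
    for ev in events:
        proc = ev["image"].lower().rsplit("\\", 1)[-1]
        webclient = proc == "svchost.exe" and "webclient" in ev.get("command_line", "").lower()
        host = ev["dest_host"].lower()
        if (proc == "explorer.exe" or webclient) and host not in approved:
            reason = "tunnel domain" if host.endswith(TUNNEL_SUFFIXES) else "unapproved host"
            findings.append({"process": proc, "host": host, "port": ev["dest_port"], "reason": reason})
    return findings


SAMPLE_URL_FILE = ("[InternetShortcut]\n"   # constructed
                   "URL=file://example-tunnel.trycloudflare.com@SSL@443/DavWWWRoot/Rechnung.pdf.lnk\n")
SAMPLE_EVENTS = [   # constructed
    {"image": r"C:\Windows\explorer.exe", "command_line": "explorer.exe",
     "dest_host": "fileserver.corp.example", "dest_port": 445},
    {"image": r"C:\Windows\explorer.exe", "command_line": "explorer.exe",
     "dest_host": "example-tunnel.trycloudflare.com", "dest_port": 443},
    {"image": r"C:\Windows\System32\svchost.exe", "command_line": "svchost.exe -k LocalService -p -s WebClient",
     "dest_host": "203.0.113.10", "dest_port": 80},
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "command_line": "firefox.exe",
     "dest_host": "example-tunnel.trycloudflare.com", "dest_port": 443},
]

if __name__ == "__main__":
    print(scan_url_file(SAMPLE_URL_FILE))
    for finding in flag_events(SAMPLE_EVENTS, approved_hosts=["fileserver.corp.example"]):
        print(finding)
```

One caveat when turning this into a detection: the HTTP traffic of a WebDAV mount is issued by the WebClient service (svchost.exe hosting WebClient) on the user's behalf rather than by explorer.exe itself, so a rule that watches only explorer.exe misses the transfer; the approved_hosts list keeps internal shares from showing up as findings.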
AppWizard
February 26, 2026
Glass Bottom Games has announced their new project, Verminsteel, an anthropomorphic hack-and-slash action game featuring a crow protagonist. The game is set for release on PC via Steam in 2027. Players will use a variety of weapons, including swords and frying pans, to battle against enemy forces and rescue townsfolk. The game emphasizes community and collaboration, with players able to recruit allies and utilize their unique skills. Key features include a deep combat system, squad maneuvers, and weapon upgrades. Glass Bottom Games confirmed that no generative AI was used in the game's development. An announcement trailer is available for viewing.
Tech Optimizer
February 24, 2026
A campaign is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that installs the ValleyRAT remote access trojan. The malware evades detection by fetching its components through an intermediary domain, creating Windows Defender exclusions, and registering a scheduled task for persistence. The backdoor supports keylogging and credential access while hiding its activity inside legitimate processes such as rundll32.exe. Attribution points to the Silver Fox APT group, and the number of ValleyRAT samples observed has risen significantly in recent months. Mitigations are to download the software only from the official site and to monitor for the specific behaviours described above.
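The same three artefacts recur in the gaming-tool RAT summary above and in this ValleyRAT summary: Defender exclusions added by the dropper, a scheduled task, and a logon-time script. The PowerShell below, an added example rather than anything from either report, enumerates them on a host under review in an elevated session. The directory pattern used to mark an entry as user-writable and the interpreter list are assumptions chosen to match the behaviour described, not indicators from the reports.

```powershell
# Added example (not from either report): enumerate Defender exclusions, scheduled
# tasks and startup-folder scripts on a host under review. Run elevated.
# The path and interpreter patterns are assumptions, not indicators from the reports.

$userWritable = '(?i)\\(Users|ProgramData|Temp|AppData)\\'

# 1. Defender exclusions. Every entry is a scanning blind spot; entries under
#    user-writable directories are where a dropper would stage a second-stage binary.
$pref = Get-MpPreference
@($pref.ExclusionPath) + @($pref.ExclusionProcess) + @($pref.ExclusionExtension) |
    Where-Object { $_ } |
    ForEach-Object {
        [pscustomobject]@{ Exclusion = $_; UserWritable = [bool]($_ -match $userWritable) }
    } | Format-Table -AutoSize

# 2. Scheduled tasks whose action runs a script host or interpreter out of a
#    user-writable path (the shape of world.vbs-style persistence).
$interpreters = '(?i)(wscript|cscript|powershell|pwsh|mshta|rundll32|regsvr32|java|javaw)'
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
        if ($cmd -match $interpreters -and $cmd -match $userWritable) {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                Author  = $task.Author
                State   = $task.State
                Command = $cmd
            }
        }
    }
} | Format-Table -AutoSize -Wrap

# 3. Startup folders: anything here runs at every logon of that user (or of all users).
$startup = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
Get-ChildItem -Path ($startup | ForEach-Object { Join-Path $_ '*' }) `
    -Include *.vbs,*.js,*.jse,*.wsf,*.bat,*.cmd,*.ps1,*.lnk -File -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime, Length |
    Format-Table -AutoSize
```

Read the output against what the host is supposed to be doing: an exclusion covering a user profile directory, a task whose action launches wscript.exe or a bundled Java runtime from AppData, or a freshly written .vbs in a Startup folder each matches a step the two summaries describe and deserves a closer look before it is dismissed.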
AppWizard
February 22, 2026
Wild Hearts, developed by Koei Tecmo's Omega Force and published by EA, was released in February 2023 but faced performance issues that affected its reception, earning a score of 7/10. The game features innovative mechanics, including a unique weapon system and the Karakuri system, which allows players to summon structures for strategic gameplay. It showcases captivating creature designs, merging animal traits with nature. As of July 2025, it was released on the Nintendo Switch 2, but performance issues persisted, with only 55% positive ratings on Steam. The game is available through EA Play, Game Pass, and frequent sales, often up to 90% off.
Tech Optimizer
February 16, 2026
A cyber-espionage campaign is using the XWorm Remote Access Trojan (RAT), delivered by phishing emails that exploit an old Microsoft Office Equation Editor vulnerability, CVE-2018-0802. XWorm, first seen in 2022, gives attackers remote control of infected computers for surveillance and data theft. The campaign uses business-themed phishing emails with malicious Excel attachments that exploit the vulnerability to run the payload without writing a file to disk. The malware connects to a command-and-control server over an encrypted channel and transmits details of the infected system. XWorm has a plugin architecture with more than 50 modules covering credential theft, DDoS and other functions. The campaign underlines the continuing risk from unpatched legacy components; patching outdated software remains the recommended defence.
Winsage
February 13, 2026
At Wild West Hackin' Fest, security researcher Wietze Beukema presented weaknesses in how Windows handles LNK shortcut files that could let attackers deploy harmful payloads. He described four undocumented techniques for manipulating shortcut files so that the real target is hidden from the user. All of them exploit inconsistencies in how Windows Explorer resolves conflicting target paths, which yields deceptive file properties. One technique uses characters that are forbidden in Windows paths to construct misleading paths; another manipulates LinkTargetIDList values. The most sophisticated one alters the EnvironmentVariableDataBlock structure so that the properties window shows a false target while the shortcut executes malicious commands in the background. Microsoft declined to classify the EnvironmentVariableDataBlock issue as a security vulnerability, stating that exploitation requires user interaction and does not cross a security boundary, and noting that Windows treats shortcut files as potentially dangerous and warns when they are opened. Beukema countered that users routinely click through those warnings. The techniques resemble CVE-2025-9491, which has been exploited by several state-sponsored and cybercrime groups; Microsoft initially did not address that CVE either, but later changed LNK handling to mitigate it after it was widely exploited.
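The two techniques the summary above describes in enough detail to check for, forbidden path characters in a target and an EnvironmentVariableDataBlock that disagrees with the shortcut's other target fields, can be tested directly against the file. The Python below is an added example, not code from the talk or the article: it reads the target-naming fields of a shell link in the public MS-SHLLINK layout (LinkInfo's LocalBasePath, the RelativePath and Arguments strings, and the EnvironmentVariableDataBlock) and flags the two conditions. The builder, the sample paths and the field names are this example's own; the check treats disagreement between the fields as the signal and does not assume which field Explorer displays.

```python
"""Added example, not code from the talk or the article: read the fields of a Windows
shell link (.LNK, MS-SHLLINK layout) that name its target, and flag a shortcut whose
target fields disagree or contain characters no Windows path may contain. The samples
are constructed with build_lnk(); it and the field names are this example's own."""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x1, 0x2, 0x4, 0x8
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
HAS_EXP_STRING = 0x200                                  # an EnvironmentVariableDataBlock follows
ENV_BLOCK_SIG, ENV_BLOCK_SIZE = 0xA0000001, 0x314
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON, "icon_location"))
FORBIDDEN_PATH_CHARS = set('<>"|?*')


def build_lnk(local_base_path, relative_path, arguments, env_target):
    """Minimal LNK: header, LinkInfo carrying a LocalBasePath, RelativePath and
    Arguments StringData, then an EnvironmentVariableDataBlock. Sample builder only."""
    flags = HAS_LINK_INFO | HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE | HAS_EXP_STRING
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\0"   # DRIVE_FIXED, empty label
    base = local_base_path.encode("latin-1") + b"\0"
    li_size = 0x1C + len(volume_id) + len(base) + 1               # +1: empty CommonPathSuffix
    link_info = struct.pack("<IIIIIII", li_size, 0x1C, 0x1, 0x1C, 0x1C + len(volume_id),
                            0, 0x1C + len(volume_id) + len(base)) + volume_id + base + b"\0"
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                       for s in (relative_path, arguments))
    env = (struct.pack("<II", ENV_BLOCK_SIZE, ENV_BLOCK_SIG)
           + env_target.encode("latin-1").ljust(260, b"\0")        # TargetAnsi
           + env_target.encode("utf-16-le").ljust(520, b"\0"))     # TargetUnicode
    return header + link_info + strings + env + struct.pack("<I", 0)  # TerminalBlock


def parse_lnk(data):
    """Return the target-naming fields of a LNK as a dict (None where absent)."""
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link")
    info = dict.fromkeys(["local_base_path", "env_target"] + [k for _, k in STRING_FIELDS])
    info["flags"] = flags
    off = 0x4C
    if flags & HAS_ID_LIST:                                  # LinkTargetIDList: skip
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:
        li_size, _, li_flags, _, lbp_off = struct.unpack_from("<IIIII", data, off)
        if li_flags & 0x1:                                   # VolumeIDAndLocalBasePath
            end = data.index(b"\0", off + lbp_off)
            info["local_base_path"] = data[off + lbp_off:end].decode("latin-1")
        off += li_size
    for bit, key in STRING_FIELDS:                           # CountCharacters + chars, no NUL
        if flags & bit:
            n = struct.unpack_from("<H", data, off)[0]
            width = 2 if flags & IS_UNICODE else 1
            raw = data[off + 2:off + 2 + n * width]
            info[key] = raw.decode("utf-16-le" if width == 2 else "latin-1")
            off += 2 + n * width
    while off + 4 <= len(data):                              # ExtraData until TerminalBlock
        bsize = struct.unpack_from("<I", data, off)[0]
        if bsize < 8:
            break
        if struct.unpack_from("<I", data, off + 4)[0] == ENV_BLOCK_SIG:
            uni = data[off + 268:off + 268 + 520].decode("utf-16-le", "ignore")
            info["env_target"] = uni.split("\0", 1)[0]
        off += bsize
    return info


def lnk_findings(info):
    """Indicators that what the shortcut displays and what it runs may differ."""
    targets = {k: info[k] for k in ("local_base_path", "relative_path", "env_target") if info[k]}
    findings = [f"{k} contains characters not allowed in a Windows path"
                for k, v in targets.items() if FORBIDDEN_PATH_CHARS & set(v)]
    env = targets.get("env_target")
    others = {v.lower().rsplit("\\", 1)[-1] for k, v in targets.items() if k != "env_target"}
    if env and others and env.lower().rsplit("\\", 1)[-1] not in others:
        findings.append("EnvironmentVariableDataBlock target disagrees with LinkInfo/RelativePath")
    return findings


# Constructed samples. In the deceptive one the EnvironmentVariableDataBlock names a
# document while LinkInfo and RelativePath resolve to cmd.exe with arguments.
BENIGN_LNK = build_lnk(r"C:\Users\alice\Documents\report.pdf", r".\report.pdf", "",
                       r"C:\Users\alice\Documents\report.pdf")
DECEPTIVE_LNK = build_lnk(r"C:\Windows\System32\cmd.exe", r"..\..\..\Windows\System32\cmd.exe",
                          "/c calc.exe", r"C:\Users\alice\Documents\report.pdf")

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_LNK), ("deceptive", DECEPTIVE_LNK)):
        print(name, lnk_findings(parse_lnk(blob)) or ["no findings"])
```

The parser deliberately skips the LinkTargetIDList rather than decoding it, since the ItemID formats are shell-specific; for a triage tool that is acceptable because a shortcut that carries both LinkInfo and an EnvironmentVariableDataBlock naming different executables is already worth quarantining whatever the ID list resolves to.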