LabubaRAT is a newly identified Rust-based remote access tool (RAT) that disguises itself as NVIDIA software to facilitate operations on Windows systems. It establishes a reusable foothold for hands-on activity and can profile the host system, identify security tools, execute commands, transfer files, capture screenshots, and proxy network traffic. LabubaRAT retrieves its configuration at launch via command-line arguments or environment variables, allowing operators to specify parameters like the command-and-control server and API key at runtime. It maintains local state in a SQLite database and supports communication through HTTPS polling, Microsoft Edge WebView2, and DNS tunneling. The malware includes capabilities for command execution, file handling, and establishing persistence through a Windows Run registry key. The entry point for the attack is an executable named nvidia-sysruntime.exe, which masquerades as NVIDIA’s container runtime toolkit. LabubaRAT conducts thorough profiling of the host, checking for installed browsers and security products, and gathers information on the system's specifications. Blackpoint Cyber has shared indicators of compromise to help detect LabubaRAT activity.