The modular Windows RAT uses in-memory execution and live operator control to maintain persistence and exfiltrate sensitive data.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Security researchers discovered a sophisticated Windows malware campaign using Pulsar RAT, a modular remote access trojan that operates primarily in memory to evade detection. The attack chain begins with a batch script establishing persistence via Registry Run keys, then uses a PowerShell loader to inject .NET shellcode directly into memory. The malware supports live, interactive operator control for real-time reconnaissance and command execution, while simultaneously harvesting credentials and system data. It employs anti-analysis techniques including anti-VM and anti-debugging measures, and exfiltrates stolen data through Discord webhooks and Telegram bots. Detection requires behavioral monitoring of PowerShell execution, shellcode injection, and Registry modifications rather than traditional file-based scanning.

This stealthy Windows RAT holds live conversations with its operators