KarstoRAT Malware Expands Remote Espionage Capabilities

Remote access trojans have been a dangerous part of cyber attacks for nearly thirty years. Threat actors rely on these hidden programs to monitor user activity, steal sensitive information, and harvest login credentials.

Because they operate quietly, these trojans remain a staple in the modern hacker’s toolkit, evolving over the years into complex weapons capable of remote code execution and advanced network reconnaissance.

In early 2026, security researchers at LevelBlue SpiderLabs uncovered a new threat in this category named KarstoRAT.

This malware brings a heavy mix of surveillance capabilities combined with highly unusual features designed to disrupt its victims.

To distribute the malware, attackers target younger audiences and gamers using a trap disguised as a virtual marketplace for the popular Roblox game, “Blox Fruits.”

When unsuspecting players attempt to download items from this fake marketplace, their machines are silently infected with KarstoRAT.

Deep Surveillance and System Control

Once KarstoRAT successfully infects a system, it immediately begins a thorough reconnaissance mission.

The malware takes a complete inventory of the infected computer. It records the computer name, the current username, the operating system version, and details regarding the processor, available memory, and disk space.

It also captures a snapshot of every program currently running on the machine. To stay active, KarstoRAT enters an infinite loop that runs on a two-second interval.

This continuous cycle keeps the malware alive indefinitely and allows it to manage its background features without crashing.

Furthermore, it uses specific startup capabilities to establish deep persistence. It alters system settings so the malware launches automatically when the user logs in to the computer.

While data theft is standard for this type of threat, KarstoRAT includes several bizarre features designed to harass the victim.

For example, attackers can leverage a built-in text-to-speech tool. This allows the hacker to type a message and force the compromised computer’s speakers to read it out loud.

Threat actors use this unusual feature to deliver frightening messages, taunt the user, or create loud distractions.

Additionally, the malware can remotely replace the victim’s desktop background with any image retrieved from an attacker-controlled link.

The active disruption goes far beyond simple audio taunts. KarstoRAT includes a feature that can instantly flip the victim’s entire screen display upside down. It can also swap the functions of the left and right mouse buttons.

These actions are deliberately meant to disrupt normal computer use. By making the computer incredibly frustrating to navigate, the malware severely hinders the victim’s ability to find the source of the problem or run antivirus software.
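
The settings changes and logon persistence described above can be checked on a live Windows host. The PowerShell triage script below is an added example, not taken from the LevelBlue SpiderLabs research or from this article. Because the article does not name the persistence mechanism, the script assumes the common logon autostart locations (Run keys, the Startup folder, and logon-triggered scheduled tasks) are the places to review.

```powershell
# Added triage example (not from the original report). Read-only checks only.
Add-Type -AssemblyName System.Windows.Forms

# 1. Input, display and wallpaper state the article says the malware can change.
[pscustomobject]@{
    MouseButtonsSwapped = [System.Windows.Forms.SystemInformation]::MouseButtonsSwapped
    ScreenOrientation   = [System.Windows.Forms.SystemInformation]::ScreenOrientation  # Angle180 = upside down
    Wallpaper           = (Get-ItemProperty 'HKCU:\Control Panel\Desktop').WallPaper
} | Format-List

# 2. Entries that launch at user logon.
# Assumption: the article does not say which mechanism KarstoRAT uses, so the
# usual per-user and machine-wide autostart locations are listed for review.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$startup = [Environment]::GetFolderPath('Startup')

$autostart = @(
    # Registry Run keys
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
    # Per-user Startup folder
    Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = $startup; Name = $_.Name; Command = $_.FullName }
    }
    # Scheduled tasks that fire on logon
    Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' } } |
        ForEach-Object {
            foreach ($action in $_.Actions) {
                [pscustomobject]@{
                    Source  = 'ScheduledTask (logon trigger)'
                    Name    = $_.TaskPath + $_.TaskName
                    Command = "$($action.Execute) $($action.Arguments)".Trim()
                }
            }
        }
)

$autostart | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Swapped mouse buttons or a rotated display can also be a legitimate user preference, so treat either as a prompt to review the autostart list rather than as proof of infection.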


The post KarstoRAT Malware Expands Remote Espionage Capabilities appeared first on Cyber Security News.

