Open-Source Xeno RAT Trojan Emerges as Potent Threat on GitHub

February 27, 2024The Hacker NewsMalware/Network Security

RAT Trojan

An “intricately designed” remote access trojan (RAT) called Xeno RAT made available on GitHub, making it available to other actors at no additional cost.

Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT has a “comprehensive set of features for remote system management,” according to its developer, called moom825 .

It includes a SOCKS5 reverse proxy and the ability to record real-time audio, as well as the inclusion of a hidden virtual network computing (hVNC) module along the lines of DarkVNCwhich allows attackers to gain remote access to an infected computer.

“Xeno RAT was completely developed from scratch, ensuring a unique and tailored approach to remote access tools,” the developer state to describe the project. Another unique aspect is that it has a builder that can create different types of malware.


It is worth noting that moom825 is also the developer of another C#-based RAT called DiscordRAT 2.0distributed by threat actors within a malicious npm package named node-hide-console-windows, as revealed by ReversingLabs in October 2023.

The cybersecurity company Cyfirma, in a report published last week, said it observed the Xeno RAT being spread through the Discord content delivery network (CDN), once again highlighting how the rise of cheap and freely available malware is driving the rise of campaigns using RATs.

RAT Trojan

“The main vector in the form of a shortcut file, disguised as a WhatsApp screenshot, acts as a downloader,” the company SAYS. “The downloader downloads the ZIP archive from the Discord CDN, extracts, and executes the next-stage payload.”

The multi-stage sequence uses a technique called DLL side-loading to launch a malicious DLL, while simultaneously taking steps to establish continuity and avoid detection and detection.


The development comes as the AhnLab Security Intelligence Center (ASEC) revealed the use of a variant of the Gh0st RAT called the Nood RAT used in attacks targeting Linux systems, allowing enemy to harvest sensitive information.

RAT Trojan

“Nood RAT is a backdoor malware that receives commands from the C&C server to perform malicious activities such as downloading malicious files, stealing internal system files, and executing commands,” ASEC SAYS.

“Although simple in form, it features encryption to avoid packet detection in the network and receive commands from threat actors to perform a number of malicious activities.”

Did you find this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

Leave a comment