New Python RAT Targets Gamers via Minecraft

ID: f934fc24-fa7b-5916-b2e9-68257281938f

STIX ID: report--f934fc24-fa7b-5916-b2e9-68257281938f

Feed Name: Netskope Threat Labs

Threat Score: 65/100

Date Published: 2025-10-22

Date Updated: 2026-04-28

Author: Nikhil Hegde

Netskope analyzes a PyInstaller-built Python RAT that masquerades as the "Nursultan Client" Minecraft tool and uses a hardcoded Telegram Bot token and allowed-user IDs for C2. The malware can steal Discord authentication tokens, collect system information, capture screenshots and webcam images, and open or display arbitrary URLs or images. It targets gamers and is likely distributed as Malware-as-a-Service. The report includes published IOCs and notes that the malware exhibits flawed persistence and limited anti-analysis sophistication.