Argamal: Malware hidden in hentai games

Argamal is a newly identified RAT campaign (April 2026) that trojanizes adult games to drop a downloader which establishes persistence via COM hijacking and later fetches an encrypted payload from GitHub, resulting in full remote control of infected machines; the report provides detailed technical analysis, C2 and command functionality, multiple delivery variants, IoCs (file hashes, domains, IPs, GitHub repos), victim distribution across countries, and limited attribution to a Spanish-speaking developer.