From cheats to exploits: Webrat spreading via GitHub
ID: ca1cae3d-283f-5323-8d93-ee70ed376ef6
STIX ID: report--ca1cae3d-283f-5323-8d93-ee70ed376ef6
Feed Name: Securelist by Kaspersky
Webrat backdoor campaign: security researchers uncovered a campaign, active since at least September/October 2025, that distributes the Webrat Trojan via GitHub repositories posing as vulnerability exploits and PoCs to lure inexperienced security students and professionals. The initial dropper escalates privileges, disables Defender, and fetches and executes the Webrat payload from hardcoded C2 domains. The backdoor enables credential and cryptocurrency theft, screen/webcam/microphone surveillance, and keylogging. The report includes multiple malicious repository links, C2 domains, and MD5 hashes, and recommends analyzing such files only in isolated environments (VMs/sandboxes) and using reliable security solutions.
