Telegram-Based Millenium RAT Campaign Infects 60,000 Devices
ID: 193d22b0-03a4-50e9-afc9-a6fa326210a2
STIX ID: report--193d22b0-03a4-50e9-afc9-a6fa326210a2
Feed Name: Infosecurity Magazine (News)
Group-IB researchers report that Millenium RAT, a Telegram Bot API–controlled remote access trojan rewritten in native C++, has infected approximately 62,289 Windows systems worldwide (39,730 in Q1 2026). Sold cheaply as malware-as-a-service by an actor known as ShinyEnigma and attributed to the Y2K Operators, the RAT steals browser data, logs keystrokes, captures screenshots and audio, can download and run additional payloads (and includes some file-encrypting commands), and spreads via social-engineered booby-trapped downloads and backdoored tools.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
