Date: 2025-07-16
Malware, Threat Intelligence

Dozens of new AsyncRAT variants discovered

CyberScoop reports that the open-source remote access trojan AsyncRAT, which offers credential theft, screen capturing, and keylogging capabilities, has been observed in over 30 different variants and forks since its release in 2019.

While DcRat remains the most commonly spread AsyncRAT fork, VenomRAT poses a more significant threat because of its offensive functionality, increased covertness, and client-integrated features that make it self-contained and less dependent on external modules, according to a report from ESET. The report also noted the emergence of SantaRAT and other novelty iterations of AsyncRAT. Although configuration and obfuscation differences have made consistent detection difficult, AsyncRAT and its forks have continued to share similar plugin architectures and encryption routines, said ESET malware researcher Nikola Knezevic. "Recognizing these shared characteristics is crucial for defenders, as it allows for more effective detection and attribution, even when the malware has been heavily obfuscated or superficially rebranded," said Knezevic.

