Reddit NetSec

CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

CyberEye is a modular, .NET-based Remote Access Trojan that utilizes Telegram for Command and Control, eliminating the need for attackers to maintain their own infrastructure. It offers a wide array of surveillance and data theft capabilities, including keylogging, file grabbing, and clipboard hijacking. The malware employs advanced defense evasion techniques, disabling Windows Defender through PowerShell and registry manipulations. Its modules harvest browser credentials, Wi-Fi passwords, gaming profiles, and session data from various applications. The builder framework allows adversaries to customize payloads, making it accessible to less technically skilled threat actors. CyberEye's persistence mechanisms, anti-analysis features, and use of public messaging platforms for C2 make it a significant threat to both consumers and enterprises.

CyberEye is a modular Remote Access Trojan (RAT) developed using the .NET framework, notable for its use of Telegram as a Command and Control (C2) channel. This design choice allows attackers to leverage a public messaging platform, eliminating the need to maintain dedicated C2 infrastructure, thereby increasing operational stealth and reducing costs. The RAT provides extensive surveillance and data theft capabilities, including keylogging to capture keystrokes, file grabbing to exfiltrate files, and clipboard hijacking to intercept copied data. It also harvests sensitive credentials such as browser-stored passwords, Wi-Fi keys, gaming profiles, and session information from various applications, enabling broad access to victim data. 

CyberEye employs advanced defense evasion techniques, notably disabling Windows Defender via PowerShell scripts and registry modifications, which complicates detection and removal. Its persistence mechanisms ensure the malware remains active across system reboots, while anti-analysis features hinder reverse engineering and forensic investigations. The RAT builder framework allows adversaries to customize payloads, lowering the technical barrier for less skilled threat actors to deploy sophisticated malware. The use of Telegram for C2 communications (leveraging techniques mapped to MITRE ATT&CK techniques such as T1102.002) also helps evade traditional network-based detection methods. Overall, CyberEye represents a versatile and stealthy threat capable of extensive data exfiltration and system control, targeting both consumer and enterprise Windows environments.

Detailed information about Understanding CyberEYE RAT Builder: Capabilities and Implications. Get real-time updates, technical details, and mitigation strategie

Title	Severity	Type	Source	Date

Threats Tagged 'windows defender evasion'

Filter Threats

Threats Tagged 'windows defender evasion'