The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

GodRAT

Aug 25, 2025 2:36:30 PM / by The Hivemind posted in Threat Bulletin, AsyncRAT, Gh0st RAT, password stealer, shellcode injector, GodRAT, Remote Access Trojan, financial malware, steganography, FileManager plugin

0 Comments

Verticals Targeted: Financial
Regions Targeted: Hong Kong, United Arab Emirates, Lebanon, Malaysia, Jordan
Related Families: AsyncRAT, AwesomePuppet, Gh0st RAT

Executive Summary

GodRAT is a RAT derived from the Gh0st RAT codebase. It was observed targeting financial institutions via malicious .scr and .pif files distributed through Skype. Leveraging steganography and additional plugins like FileManager, GodRAT facilitates credential theft and system exploration.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More