CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.

This time, it's a Python-scripted remote access trojan (RAT) that emerged in recent weeks alongside a new spate of targeted attacks.

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. Sergiu Gatlan May 08, 2025 ...

The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.

Fake Job Interviews Trick Developers Into Installing Python Trojan Mid-interview aptitude tests give threat actors the perfect opportunity to exploit a job seeker's desire to impress.

In a subsequent update, the package included a Python trojan that was obfuscated using Base64 and targeted Jenkins CI/CD environments.

But according to security analysts, some aptitude tests now have an extra dark side: Threat actors are using fake interviews to trick innocent job seekers into installing a Python remote access ...

On Windows, the script is bundled into an executable with a PyInstaller. The Python Trojan is also capable of checking whether security solutions are being run on a device.

It contains an archive with all the necessary libraries and a Python Trojan that works both on Windows and macOS.

The files discovered contained the Milum Trojan written in C++ and a corresponding Visual Basic Script (VBScript) variant. Further investigation into this attack uncovered another version of the ...