Attack Abuses Open Source Monitoring Tool for Total Remote Access

A legitimate and widely used open source server monitoring tool has been repurposed by attackers to gain complete remote control of compromised systems. According to findings from the Ontinue Cyber Defense Center, the activity involves Nezha, a popular monitoring platform that gives administrators system visibility and remote management features in Windows and Linux environments. In this campaign, Nezha is deployed as a remote access tool (RAT) in the post-exploitation phase rather than as traditional malware. Because the software is legitimate and actively maintained, it records zero detections on VirusTotal, where 72 security vendors detected nothing suspicious. The agent is installed silently and only becomes visible when attackers begin issuing commands, making traditional signature-based detection ineffective. ...

December 22, 2025 · Comfidentia