Fresh Sakura RAT Appears on GitHub

7 April 2025 2 minutes Author: Newsman

The security community has taken note of a new remote access trojan, Sakura RAT, published on GitHub. The malware stands out for its evasion features, which let it slip past current endpoint defenses while giving an operator full control of infected devices.

  1. Sakura RAT, probably developed by a user under the pseudonym *Haerkasmisk*, gives criminals a tool for covert control of infected machines. Its built-in stealth browser and HVNC (hidden VNC, a virtual desktop invisible to the logged-in user) let the operator work on the machine without leaving any visible trace on screen.
  2. Sakura reuses techniques seen in earlier RAT families: process injection, reflective DLL injection, and XOR obfuscation of both its strings and its network traffic. For persistence it registers itself under the Run keys of the Windows registry so that it starts at logon, and it can also install itself as a Windows service.
  3. Sakura RAT is believed to be able to use vulnerabilities such as CVE-2014-0322 (a 2014 Internet Explorer use-after-free) as an entry point, though how it is actually distributed is still under investigation. A centralized control panel lets one operator manage many infected devices at once, which makes it a serious threat to corporate networks.
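The two persistence mechanisms listed above, autostart via the Run keys and installation as a service, are also the easiest place for a defender to catch the implant, because both leave a registry or service-control event that names the binary to be started. The Python script below is an added example and not Sakura RAT code or any vendor's detection rule: it runs a simple check over constructed telemetry whose shape is loosely modelled on Sysmon event 13 (registry value set) and the System log's event 7045 (service installed), and flags any autostart whose target lives in a user-writable directory. All event records, paths and service names in it are made up for the demonstration.

```python
"""Flag the two persistence mechanisms the article attributes to Sakura RAT,
autostart via Run keys and installation as a service, in constructed Windows
telemetry. Added example, not Sakura RAT or any vendor's code; the event
shape is loosely modelled on Sysmon event 13 (registry value set) and the
System log's event 7045 (service installed), and every event below is made up."""
import re

# Matches HKLM/HKU ...\Microsoft\Windows\CurrentVersion\Run and RunOnce,
# including the Wow6432Node view used by 32-bit code on 64-bit Windows.
RUN_KEY_RE = re.compile(
    r"\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)

# Locations a standard user can write to. Legitimate autostarts usually live
# under Program Files or Windows; a binary started from here is worth a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")


def exe_path(command: str) -> str:
    """Extract the executable from a command line, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def from_user_writable(path: str) -> bool:
    return any(d in path.lower() for d in USER_WRITABLE)


def suspicious_persistence(events):
    """Return (technique, name, path) for each autostart that points into a
    user-writable directory. A Microsoft-sounding value or service name does
    not help the attacker here, because only the target path is judged."""
    findings = []
    for ev in events:
        if ev["type"] == "registry_set" and RUN_KEY_RE.search(ev["target"]):
            path = exe_path(ev["details"])
            if from_user_writable(path):
                findings.append(("run_key", ev["target"], path))
        elif ev["type"] == "service_install":
            path = exe_path(ev["image_path"])
            if from_user_writable(path):
                findings.append(("service", ev["service_name"], path))
    return findings


# Constructed sample telemetry (not real logs): two benign entries, one
# unrelated registry write, and one suspicious entry of each kind.
SAMPLE_EVENTS = [
    {"type": "registry_set",
     "target": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
    {"type": "registry_set",
     "target": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "details": r"C:\Users\alice\AppData\Roaming\svchost.exe"},
    {"type": "registry_set",
     "target": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
    {"type": "service_install", "service_name": "MsSense",
     "image_path": r'"C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"'},
    {"type": "service_install", "service_name": "WinDefendHelper",
     "image_path": r"C:\ProgramData\updater\helper.exe -k netsvcs"},
]

if __name__ == "__main__":
    for technique, name, path in suspicious_persistence(SAMPLE_EVENTS):
        print(f"[{technique}] {name} -> {path}")
```

The check deliberately ignores the value name and the service name, since both are attacker-chosen and the sample uses Windows look-alikes for exactly that reason; a production rule would add an allow-list of known installers and correlate the writing process with the binary it registers.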

Sakura RAT combines traits of several earlier malicious frameworks, notably Sakula, which is known for running its C2 channel over plain HTTP GET and POST requests. Its code contains fragments resembling open-source projects on GitHub such as Veil, Chimera and Process Herpaderping, tools for evading antivirus detection that have long worried defenders. Analysts note that the availability of such frameworks lowers the barrier to entry: newcomers can now assemble a full-featured RAT without deep technical knowledge.
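The XOR obfuscation of strings and traffic named in the list above, combined with the plain HTTP GET/POST C2 channel inherited from Sakula, hands a defender one practical lever: if the same single-byte key covers both the beacon body and the embedded configuration, recovering it from one captured request also unlocks the strings in the binary. The Python script below is an added example and not Sakura RAT code or anything published by its author; the single-byte key is an assumption about the scheme, and the JSON beacon format, the key value 0x5A, the `.invalid` C2 hostname and the length-prefixed string-table layout are all invented for the demonstration.

```python
"""Recover a single-byte XOR key from a constructed, XOR-obfuscated C2 POST body
by brute force, then reuse it on a constructed embedded string table.
Added example illustrating the XOR obfuscation and HTTP C2 described in the
article; this is not Sakura RAT code. The single-byte key is an assumption,
and the beacon format, the key 0x5A, the hostname and the string-table layout
are all invented for the demo."""
import json


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; a single-byte key is a key of length 1."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_single_byte_key(body: bytes):
    """Try all 256 keys and keep the one whose output parses as a JSON object.
    Scoring on 'looks printable' is not enough: a key that differs from the
    real one in a low bit still yields mostly printable junk, so validate the
    format the implant is assumed to speak instead. Returns (key, dict) or None."""
    for k in range(256):
        candidate = xor_bytes(body, bytes([k]))
        try:
            obj = json.loads(candidate.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            continue
        if isinstance(obj, dict):
            return k, obj
    return None


def decode_string_table(table: bytes, key: int):
    """Decode a hypothetical length-prefixed table: [len][len XOR'd bytes]...
    The length prefix is stored in the clear; each entry is XORed with the key."""
    out, i = [], 0
    while i < len(table):
        n = table[i]
        i += 1
        out.append(xor_bytes(table[i:i + n], bytes([key])).decode("utf-8"))
        i += n
    return out


def encode_string_table(strings, key: int) -> bytes:
    """Build the table layout above; used only to construct the demo sample."""
    table = b""
    for s in strings:
        raw = s.encode("utf-8")
        table += bytes([len(raw)]) + xor_bytes(raw, bytes([key]))
    return table


# Constructed sample data (not real traffic or a real binary): a beacon and a
# config string table encoded with the same single-byte key, mirroring the
# article's claim that both traffic and strings are XOR-obfuscated.
DEMO_KEY = 0x5A
BEACON = b'{"host":"WS-0412","user":"alice","os":"Windows 10","cmd":"idle"}'
CAPTURED_BODY = xor_bytes(BEACON, bytes([DEMO_KEY]))
EMBEDDED_STRINGS = encode_string_table(
    [
        "http://c2.example.invalid/gate.php",
        "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        "WindowsUpdateHelper",
    ],
    DEMO_KEY,
)


def triage(body: bytes = CAPTURED_BODY, table: bytes = EMBEDDED_STRINGS):
    """End-to-end: recover the key from captured traffic, then read the strings."""
    hit = recover_single_byte_key(body)
    if hit is None:
        return None
    key, beacon = hit
    return {"key": key, "beacon": beacon, "strings": decode_string_table(table, key)}


if __name__ == "__main__":
    result = triage()
    print(f"key=0x{result['key']:02x} beacon={result['beacon']}")
    for s in result["strings"]:
        print("  ", s)
```

The decoded string table is where the detection value lies: the C2 URL feeds a network block, and the Run-key path and value name feed the registry check. If the implant used a longer repeating key the same validate-the-format idea still applies, but the key would have to be recovered position by position against a crib such as the opening `{"` of the beacon rather than by a 256-way brute force.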

The appearance of Sakura RAT is further confirmation that attackers build on open resources to threaten corporate security. Experts urge companies to adopt layered defenses: behavior-based EDR, application allow-listing, up-to-date signatures, disabled Office macros, and staff training on phishing.
