The webrat trojan program allows you to monitor the victim through a desktop and webcam screen, stealing data in the browser, cryptocurrencies, online games and messengers.
Trojan was discovered by experts from the Research Center by Solar 4ras of the solar company group in the process of researching the dark segment of the Internet. This malware (VPO) is sold to attackers through a channel in the form of malware as a service business model (MAAS)-In the framework of the crime for a fee for their customers to access VPO and the corresponding IT infrastructure.
Maas is an illegal choice for the popular cloud model “Software as a service”, part of the concept of “similar to service as a service” (cyber criminal as a service, CAAS). To work with the webrat, its developers give a web server a dashboard. Register into malware is controlled through this dashboard.
The attackers hide their software under the game versions or pirate programs to hack. Webrat is embedded in fraudulent programs to achieve dishonest advantages in popular computer games, such as Rust, Counter Strike and Roonlox, as well as in utilities to check other players to use fraud code and in the repair applications of blocked applications in Russia, for example, not broken (banned in the Russian Federation).
The program is distributed through the github platform under the shell of different utilities. Moreover, to destroy the attention of the victim, some programs contain legal functions built. Another distribution channel is websites with pirate and youtube programs: Hackers publish video tutorials to install programs for gamers and suggest download webrat storage are disguised, leaving a link in the comments on rollers.
Webrat performs the function of the Steer program, abducting accounts in Steam, Telegram, data to import cryptocurrencies and other Internet services.
The malware allows you to observe the victim's actions through the broadcast of the screen and via the webcam, listen to microphones, fully control the computer through the user interface and download locks and miners.
4rays sun experts believe that the victims of WebRat are usually the most users and gamers, however, this is a danger to the business sector. It can reveal personal information, negotiate in the office and business information. Style allows attackers to get all information about the victim's account effectively. And because the webRat blocks the data of the Internet sessions, the entrance of the attacker's account has not been noticed, even the cloud authorization and the protection of two factors are powerless here.
Experts note the growth trend of the number of cases using VPO in Rudet. According to the project “Domain Patrol”, in the first four months of 2025, the number of complaints related to the spread of VPO, increased by nearly four times – from 823 to 3260 appeal.
Kaspersky Head Head in Russia Dmitry Galov noted that although stylists are a typical threat to computers, the owner of a smartphone is also at risk of falling into cyber criminals to restore access to cryptocurrencies.
To protect yourself from personal data stealing programs, experts recommend installing exclusive applications from official sources, avoiding pirate software, regularly updating installed software and operating systems, as well as using specialized protection devices on all equipment used.