New Python RAT Targets Gamers via Minecraft

A new multi-function Python RAT has been discovered targeting gamers through Minecraft. The malware, posing as a legitimate Minecraft client called 'Nursultan Client', uses the Telegram Bot API for command and control. It has capabilities including screenshot capture, webcam access, Discord token theft, and URL opening on victim machines. The malware attempts to persist on Windows systems but has flaws in its implementation. It specifically targets Discord authentication tokens and performs system reconnaissance. The use of Telegram for C2 and the focus on gamers suggests a Malware-as-a-Service model, with the author likely selling customized versions to other threat actors.

Pulse ID: 68f92a454b142cf4c6c98c2b
Pulse Link: https://otx.alienvault.com/pulse/68f92a454b142cf4c6c98c2b
Pulse Author: AlienVault
Created: 2025-10-22 19:02:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #CyberSecurity #Discord #InfoSec #Mac #Malware #MalwareAsAService #Minecraft #OTX #OpenThreatExchange #Python #RAT #Telegram #Windows #bot #AlienVault