🟠 High  |  Source: The Hacker News


LabubaRAT is a newly discovered remote access trojan written in Rust that disguises itself as NVIDIA software to avoid detection on Windows systems. Once installed, it establishes a persistent foothold allowing attackers to profile the host and carry out hands-on activity. Its use of a legitimate-looking software identity makes it particularly effective at evading endpoint defences.

Security Architect’s Take: Enforce application allowlisting and code-signing policies to block unsigned or unexpected executables masquerading as GPU vendor software, particularly on cloud-connected Windows workloads and developer endpoints. Review EDR telemetry for Rust-compiled binaries impersonating NVIDIA processes and consider restricting outbound RAT command-and-control channels at the network perimeter.

Original advisory: LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts