Guavy AI Editorial TeamSentiment: -2Clout: 88

Russian Hackers Use Trojanized Software to Spread Starland Malware

Russian hackers have been using trojanized software to spread the Starland malware, which steals credentials and cryptocurrency. The attack vector has been active since at least June 2025 and primarily targets users in the US.

The threat actor, tracked as UAT-11795, distributes the payload through trojanized installers for legitimate software such as WebEx, Zoom, MobaXterm, DBeaver, and FaceIT. Researchers speculate that the malicious files are likely pushed using the ClickFix method.

The Starland RAT checks if it's running in a sandbox environment and attempts to increase its privileges. It also looks for data on the compromised system, including browser information, cryptocurrency wallet assets, and active directory details.