Cybersecurity researchers report the discovery of LabubaRAT, a previously undocumented Rust-based remote access trojan (RAT) that targets Windows systems while posing as NVIDIA software to blend into victim environments. The malware is linked to analysis by Blackpoint Cyber, which describes it as establishing “a reusable foothold for hands-on activity” after it is deployed.
According to the researchers, once LabubaRAT runs on a compromised host, it performs reconnaissance and supports ongoing operator activity. Reported capabilities include profiling the infected system, identifying installed security tools, receiving commands from an operator, and handling basic remote-management functions such as transferring files and capturing screenshots. The malware also supports network-level post-compromise activity by proxying traffic through the affected system.
Both sources describe LabubaRAT’s use of masquerading as NVIDIA-themed software as a key tactic for evasion. The samples and naming details are attributed to Blackpoint Cyber researchers, who said they derived the name “LabubaRAT” from a “LabubaPanel” title observed during analysis.