Alleged Sale of Horus Eyes RAT 2025

📖 Overview

A threat actor is promoting Horus Eyes RAT 2025, a cyber-espionage tool designed for covert surveillance, credential theft, and system exploitation. The malware is described as using advanced stealth techniques to evade defenses, including process injection, memory residency, rootkit functionality, and anti-sandboxing.

📌 Key Details

• Victim Country: Unknown
• Industry: Unknown
• Threat Actor: Sebastian85
• Network: openweb
• Category: Malware
• Severity: Low
• Capabilities:
  • Stealth: Process injection, memory residency, rootkit features, anti-sandbox/anti-VM
  • Surveillance: Screen capture, keylogging, webcam and microphone access, clipboard monitoring
  • Exploitation: Remote shell access, file exfiltration, persistence mechanisms
  • Network Attacks: MITM, credential harvesting, USB/network worming
  • Financial Modules: Wallet hijacking, banking trojans, cookie/session hijacking
• Distribution: Shared via file-hosting platforms (4Share, Mega-NZ, MediaFire, mirrored links)

🔗 Claim Post (Plain Text)

Claim Post: Available on the Threat Feeds and Paid Subscriber blog posts.

📸 Screenshot Preview

⚠️ Note: This is a free post. Images may contain redacted information. Paid posts and threat feeds contain unredacted material.

🛡️ WhiteIntel.io Access Infostealers Check

This section is available exclusively for paid subscribers in the Ransomware/Threat Feed blog posts.

🧩 TTPs (MITRE ATT&CK Mapping)

• TA0009 Collection: Keylogging, screen capture, clipboard and webcam monitoring
• TA0001 Initial Access: Spread through USB, file shares, or malicious downloads
• TA0002 Execution: Rootkit and process injection techniques for persistence
• TA0010 Exfiltration: Theft of credentials, financial data, and cryptocurrency wallet info
• TA0040 Impact: Account takeover, financial fraud, espionage, and lateral movement

👤 Threat Actor Profile: Sebastian85

Summary

• Total Matches: 1
• First Seen: 2025-08-25
• Last Seen: 2025-08-25
• Data Start: 2024-10-02
• Countries: –
• Industries: –

📊 Threat Actor Activity

🚨 Potential Risks

Tools like Horus Eyes RAT provide attackers with near-total control of a victim’s system. With features such as banking trojans, wallet hijacking, and keylogging, it poses direct financial risks to individuals and organizations. It also enables long-term espionage through stealthy persistence, exposing sensitive corporate or personal data.

✅ Recommended Security Actions

• Block execution of untrusted binaries and enforce strict application whitelisting
• Deploy EDR/AV solutions capable of detecting process injection and rootkits
• Educate users to avoid downloading files from unverified links or mirrors
• Monitor for unusual clipboard activity, unauthorized screen captures, or webcam access
• Enforce multi-factor authentication and secure financial transactions with hardware tokens
• Conduct proactive threat hunting for signs of persistence mechanisms linked to RATs

💡 Final Thoughts

The reappearance of remote access trojans like Horus Eyes highlights how old malware techniques are continually repackaged with modern features. For defenders, layered detection, strong endpoint monitoring, and continuous education remain the most effective strategies to counter these threats.