Article Details
Scrape Timestamp (UTC): 2025-10-28 13:17:16.218
Original Article Text
New Atroposia malware comes with a local vulnerability scanner

A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals with a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning.

The malware is available for a $200 monthly subscription that unlocks advanced features such as hidden remote desktop, file system control, data exfiltration, clipboard theft, credential theft, cryptocurrency wallet theft, and DNS hijacking.

Atroposia was discovered by researchers at data security company Varonis, who warned that it's the latest example of an easy-to-use, affordable "plug and play" toolkit, alongside SpamGPT and MatrixPDF.

Atroposia overview

Atroposia is a modular RAT that communicates with its command-and-control (C2) infrastructure over encrypted channels and can bypass User Account Control (UAC) protection to increase privileges on Windows systems.

According to the researchers, it can maintain persistent, stealthy access on infected hosts, and its main capabilities include:

The researchers say that the vulnerability check "is dangerous in corporate environments because the malware might find an outdated VPN client or an unpatched privilege escalation bug." This can be easily used to gain deeper access.

According to a report from Varonis, the module checks for missing patches, insecure settings, and outdated software versions. The function may also be used to find nearby systems that can be exploited.

The emergence of Atroposia adds yet another MaaS option for cybercriminals, lowering the technical barrier and enabling low-skilled threat actors to execute effective campaigns.

To mitigate the risk, users are advised to download software only from official sites and reputable sources, avoid pirated software and torrents, skip promoted search results, and never execute commands they find online that they don't understand.
Daily Brief Summary
Atroposia, a new malware-as-a-service platform, offers a remote access trojan with features like persistent access, data theft, and local vulnerability scanning for a $200 monthly subscription.
Discovered by Varonis researchers, Atroposia is designed as a "plug and play" toolkit, making it accessible to low-skilled cybercriminals alongside other platforms like SpamGPT and MatrixPDF.
The malware communicates over encrypted channels, bypasses User Account Control on Windows, and maintains stealthy access, posing significant risks to corporate environments.
Atroposia's local vulnerability scanner identifies outdated software and unpatched systems, potentially allowing deeper access and exploitation within targeted networks.
The emergence of Atroposia lowers the technical barrier for cybercriminals, facilitating the execution of sophisticated attacks by less experienced threat actors.
Organizations are advised to download software from reputable sources, avoid pirated content, and exercise caution with online commands to mitigate risks associated with this malware.