MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access
Cybersecurity researchers at FortiGuard Labs have uncovered MostereRAT, a new high-severity Remote Access Trojan (RAT) targeting Windows devices through phishing campaigns aimed at Japanese users. The attack begins with convincing emails that trick victims into downloading a compromised file containing the malware. MostereRAT uses advanced evasion tactics to avoid detection, including code written in the uncommon Easy Programming Language (EPL), disabling antivirus tools and Windows security features, and securing its communications with mutual TLS (mTLS). Once installed, it deploys legitimate remote access tools like AnyDesk and TightVNC to gain full control, steal data, and install additional payloads. It also creates a hidden admin account to maintain persistent access. Evolving from a banking trojan first seen in 2020, MostereRAT represents a growing threat, with researchers urging organizations to strengthen phishing awareness, browser security, and privilege management.
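A defender-side check for two behaviours described above, the remote access tools and the new admin account, as an added example that is not part of the original report or FortiGuard's analysis: it flags a host where a newly created account joins the local Administrators group close in time to AnyDesk or TightVNC starting. The event IDs, group SID, executable names, record fields and 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumptions (none of these values come from the article):
# standard Windows Security event IDs, the built-in Administrators group SID,
# and the usual executable names of the two tools the article names.
ACCOUNT_CREATED, GROUP_MEMBER_ADDED, PROCESS_CREATED = 4720, 4732, 4688
ADMINISTRATORS_SID = "S-1-5-32-544"
REMOTE_TOOLS = {"anydesk.exe", "tvnserver.exe"}
WINDOW = timedelta(minutes=30)  # hypothetical correlation window

def at(hour, minute):
    return datetime(2025, 1, 1, hour, minute)

# Constructed, simplified event records; field names are hypothetical.
SAMPLE_EVENTS = [
    {"host": "WS-01", "time": at(10, 0), "event_id": 4720, "sid": "S-1-5-21-1-1001", "user": "helpsvc"},
    {"host": "WS-01", "time": at(10, 1), "event_id": 4732, "sid": "S-1-5-21-1-1001", "group_sid": ADMINISTRATORS_SID},
    {"host": "WS-01", "time": at(10, 5), "event_id": 4688, "image": r"C:\Users\Public\AnyDesk.exe"},
    # Remote tool alone (for example normal helpdesk use): not flagged.
    {"host": "WS-02", "time": at(9, 0), "event_id": 4688, "image": r"C:\Program Files\TightVNC\tvnserver.exe"},
    # New admin account, but the tool starts hours later: outside the window.
    {"host": "WS-03", "time": at(8, 0), "event_id": 4720, "sid": "S-1-5-21-3-1001", "user": "newadmin"},
    {"host": "WS-03", "time": at(8, 1), "event_id": 4732, "sid": "S-1-5-21-3-1001", "group_sid": ADMINISTRATORS_SID},
    {"host": "WS-03", "time": at(14, 0), "event_id": 4688, "image": r"C:\Tools\AnyDesk.exe"},
]

def find_suspicious_hosts(events, window=WINDOW):
    """Map host -> accounts created, made local admin, and near a remote tool start."""
    created, promoted, tool_starts = {}, {}, {}
    for e in sorted(events, key=lambda ev: ev["time"]):
        host, eid = e["host"], e["event_id"]
        if eid == ACCOUNT_CREATED:
            created[(host, e["sid"])] = e["user"]
        elif eid == GROUP_MEMBER_ADDED and e["group_sid"] == ADMINISTRATORS_SID:
            if (host, e["sid"]) in created:  # only accounts we saw being created
                promoted.setdefault(host, []).append((created[(host, e["sid"])], e["time"]))
        elif eid == PROCESS_CREATED:
            image = e["image"].rsplit("\\", 1)[-1].lower()  # basename of the path
            if image in REMOTE_TOOLS:
                tool_starts.setdefault(host, []).append(e["time"])
    hits = {}
    for host, accounts in promoted.items():
        for name, when in accounts:
            if any(abs(when - t) <= window for t in tool_starts.get(host, [])):
                hits.setdefault(host, []).append(name)
    return hits

if __name__ == "__main__":
    print(find_suspicious_hosts(SAMPLE_EVENTS))
```

Matching on the group SID rather than the group name keeps the check independent of the Windows display language.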