VulnHub

Real-time Cybersecurity News

Telegram-Based Millenium RAT Campaign Infects 60,000 Devices

Infosecurity Magazine
Actively Exploited
MalwareTrojan

Overview

A new campaign involving the Millenium RAT, a remote access trojan, has reportedly affected over 62,000 devices across more than 160 countries. Researchers from Group-IB have identified that the malware has been rewritten in C++, making it more sophisticated and harder to detect. This malware primarily spreads through Telegram, which has raised concerns about the platform being exploited for malicious purposes. Users of various devices are at risk, as the trojan could allow attackers to gain unauthorized access and control over their systems. This incident underscores the need for users to be vigilant about the software they install and the links they click, particularly in messaging applications.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Devices infected by Millenium RAT, primarily through Telegram.
  • Action Required: Users should avoid downloading unknown applications and be cautious with links shared in messaging apps.
  • Timeline: Newly disclosed

Original Article Summary

Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries

Impact

Devices infected by Millenium RAT, primarily through Telegram.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should avoid downloading unknown applications and be cautious with links shared in messaging apps. Implementing security software that can detect malware may also help mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Trojan.

Read Original Article

Related Coverage

Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling

CyberScoop

The Supreme Court recently issued a ruling in the Chatrie case that is seen as a significant victory for technology privacy rights. Dissenting justices warned that this decision could lead to major changes in how the Fourth Amendment is interpreted, particularly regarding digital privacy and law enforcement's ability to access personal data. This ruling could impact how tech companies manage user data and how law enforcement conducts investigations. It raises important questions about the balance between privacy rights and public safety, making it a pivotal moment in the ongoing debate over digital privacy.

Jun 29, 2026

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

The Hacker News

WhatsApp has introduced a new feature allowing users to reserve usernames, which aims to enhance privacy for its more than three billion users. This optional feature enables individuals to connect with each other using usernames instead of sharing their phone numbers directly. The rollout of username reservations began on Monday, giving users a way to maintain their privacy while using the messaging service. This change is particularly significant as it reflects growing concerns about personal data exposure in digital communications. By providing an alternative to phone numbers, WhatsApp is responding to user demands for increased security and anonymity in their interactions.

Jun 29, 2026

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

BleepingComputer

The U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of hackers associated with two groups, UNC5792 and UNC4221. These groups are believed to have ties to Russian intelligence and military services and have been targeting users of encrypted messaging platforms like WhatsApp and Signal. This move underscores the ongoing concern about cyber threats to secure communication channels, particularly as more people rely on these platforms for private conversations. By incentivizing information about these hackers, the U.S. aims to disrupt their operations and enhance the security of messaging services used by millions. The reward reflects the seriousness of the threat posed by these groups and the need for collaboration in addressing cybercrime on a global scale.

Jun 29, 2026

⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More

The Hacker News

This week, a new vulnerability named DirtyClone was discovered in the Linux kernel, allowing local attackers to escalate privileges. This flaw emphasizes how even minor oversights, such as unpatched vulnerabilities or outdated access paths, can lead to significant security breaches. The threat is particularly concerning for users of affected Linux distributions, as attackers could potentially exploit this vulnerability to gain unauthorized access to sensitive systems. Additionally, discussions are underway in various forums about other emerging threats, including AI-driven malware tactics and the Turla backdoor, which could further complicate the security landscape. Organizations are urged to stay vigilant and apply necessary updates to protect against these risks.

Jun 29, 2026

Agentic AI Has an Identity Problem and Attackers Know It

BleepingComputer

The article discusses the growing security risks associated with AI agents in enterprise systems. These AI agents have the ability to access sensitive data and perform actions across different platforms, which makes them a valuable target for attackers. Token Security emphasizes that as organizations increasingly rely on these AI tools, the importance of managing and securing their identities becomes critical. Failure to do so could lead to unauthorized access and data breaches, potentially compromising the entire enterprise infrastructure. It is essential for companies to implement robust identity governance strategies to mitigate these risks and protect their systems.

Jun 29, 2026

Critical SimpleHelp flaw exploited to deploy new stealer malware

BleepingComputer

Hackers are taking advantage of a serious vulnerability (CVE-2026-48558) in SimpleHelp, a remote support software, to deploy a new type of malware known as Djinn Stealer. This malware is capable of stealing information across multiple operating systems, including Windows, macOS, and Linux. Users of SimpleHelp are at risk as the flaw allows attackers to infiltrate systems and extract sensitive data without detection. The emergence of this undocumented malware raises concerns about the security of remote support tools, as they are commonly used by businesses and individuals for remote access. It is crucial for users to remain vigilant and apply any necessary updates to protect their information.

Jun 29, 2026