nimbus rat

Nimbus RAT is a Java-based remote access trojan that uses trusted collaboration platforms for command and control. In a documented campaign from April 2026, threat actors combined Microsoft Teams voice phishing, Windows Quick Assist, a compromised SharePoint tenant, and cloud-hosted instructions to deliver Nimbus RAT. The malware communicates through Google Drive and Google Sheets on infected Windows endpoints. This attack path is notable because it assembles malware delivery from familiar enterprise tools rather than relying on crude attachments. For Windows administrators, the campaign highlights that the security perimeter now includes every helpful SaaS workflow, as the victim was socially engineered through legitimate enterprise tooling.