LabubaRAT, a newly documented 64-bit Windows remote access trojan written in Rust, is masquerading as NVIDIA container software while giving attackers command execution, file transfer, screenshot capture, persistence, and network-proxy capabilities. Defenders should hunt for the unsigned executable
Blackpoint Cyber’s Adversary Pursuit Group detailed the malware on July 14, 2026, after researchers Sam Decker and Nevan Beal analyzed a sample posing as the “NVIDIA Container Runtime Monitor.” The file borrows NVIDIA-themed version information, filenames, and runtime artifacts, but Blackpoint found that its behavior does not match a legitimate NVIDIA component.
The immediate risk is not a vulnerability in NVIDIA software. LabubaRAT instead abuses the company’s identity to make a malicious process look plausible on Windows systems where GPU, container, AI, or developer tooling may already be present.
The analyzed sample is an unsigned Windows GUI executable compiled in Rust. Alongside the
LabubaRAT also creates the mutex
Blackpoint recorded a PE compilation timestamp of June 17, 2026, at 23:16:55 UTC. Rust build paths embedded in the sample included
None of these names proves legitimacy. The combination of trusted-vendor metadata, a convincing system-style filename, and an environment where NVIDIA software is expected is precisely what gives the disguise value.
The malware does not need to be a byte-for-byte imitation of a genuine NVIDIA binary. It only needs to survive an initial glance at Task Manager, an autorun entry, a software inventory, or an endpoint alert long enough for the operator to act.
The implant also accepts a
That runtime model makes the same compiled binary reusable. An operator can change infrastructure, divide infected machines into groups, or deploy the implant for another customer or campaign without rebuilding the executable.
Blackpoint said the organization-and-group structure, combined with the backend panel, suggests LabubaRAT may have been designed as a malware-as-a-service platform. That remains an assessment rather than confirmed information about its operators, but the architecture resembles a managed framework more than a one-off payload.
The malware’s name comes from the “LabubaPanel” title and Labubu-themed favicon found on associated command-and-control infrastructure. Blackpoint also identified three related IP addresses hosted by German providers, with infrastructure appearing from early June around the same period in which the analyzed binary was compiled.
What remains unclear is how victims are initially persuaded or forced to run
The implant then inventories the Windows machine so its operator can decide what to do next. Collected data includes the hostname, processor model, installed RAM, domain information, IP address, User Account Control status, installed browsers, and security products.
Browser discovery covers Google Chrome, Mozilla Firefox, Microsoft Edge, and Brave. Security-product checks include Microsoft Defender, CrowdStrike, SentinelOne, Carbon Black, Sophos, Malwarebytes, Bitdefender, ESET, Kaspersky, McAfee, Symantec, and Trend Micro.
This reconnaissance is operationally useful. Knowing whether an endpoint runs Microsoft Defender alone or is monitored by an enterprise EDR platform can influence which commands the attacker attempts, which scripts are avoided, and how quickly the system is turned into a staging or proxy host.
After registration, LabubaRAT can execute commands through
The RAT can also:
Its HTTPS implementation can use browser-style User-Agent strings and bearer authentication. WebView2 allows network activity to occur through an embedded Microsoft Edge-backed context, potentially making the traffic look more like communication from a desktop application using a legitimate Windows web component.
DNS tunneling is the fallback with the most obvious defensive implications. Blackpoint found logic for encoded DNS payloads, chunking, resolver selection, polling, and timeout handling, indicating that the channel was intended to carry task data rather than merely resolve a command-and-control hostname.
Blocking
A compromised machine can also become a SOCKS5 proxy, allowing attackers to route other traffic through a trusted corporate endpoint. Incident responders therefore need to examine lateral activity and outbound connections rather than assuming the RAT’s effect ends at remote command execution.
Administrators should search endpoints and telemetry for
The analyzed sample has the SHA-256 hash
Process monitoring can expose behavior that filenames cannot hide. Unusual parent processes spawning
LabubaRAT’s strongest advantage is not Rust by itself or any single novel technique. It is the packaging of familiar remote-access functions into a configurable, reusable Windows implant that borrows NVIDIA’s identity and can switch among multiple communications channels. Until researchers establish the initial delivery method and the scale of active deployment, endpoint hunting and verification of purported NVIDIA binaries remain the most concrete defensive steps.
nvidia-sysruntime.exe, the local database nvctr_sys.db, and suspicious user-level autorun entries carrying Base64-encoded arguments.Blackpoint Cyber’s Adversary Pursuit Group detailed the malware on July 14, 2026, after researchers Sam Decker and Nevan Beal analyzed a sample posing as the “NVIDIA Container Runtime Monitor.” The file borrows NVIDIA-themed version information, filenames, and runtime artifacts, but Blackpoint found that its behavior does not match a legitimate NVIDIA component.
The immediate risk is not a vulnerability in NVIDIA software. LabubaRAT instead abuses the company’s identity to make a malicious process look plausible on Windows systems where GPU, container, AI, or developer tooling may already be present.
The NVIDIA Costume Extends Beyond the Filename
The analyzed sample is an unsigned Windows GUI executable compiled in Rust. Alongside the nvidia-sysruntime.exe filename, its version metadata references NVIDIA Corporation, NVIDIA Container Runtime Monitor, and NVIDIA Container Toolkit.LabubaRAT also creates the mutex
Local\NVIDIAContainerMonitor_SingleInstance, preventing multiple instances from running while maintaining the appearance of an NVIDIA background component. Its debug information uses the name nvidia_container.pdb, extending the disguise into artifacts that an administrator or analyst might encounter during an investigation.Blackpoint recorded a PE compilation timestamp of June 17, 2026, at 23:16:55 UTC. Rust build paths embedded in the sample included
C:\Users\funt\.cargo\registry\, exposing funt as the apparent username of the build environment.None of these names proves legitimacy. The combination of trusted-vendor metadata, a convincing system-style filename, and an environment where NVIDIA software is expected is precisely what gives the disguise value.
The malware does not need to be a byte-for-byte imitation of a genuine NVIDIA binary. It only needs to survive an initial glance at Task Manager, an autorun entry, a software inventory, or an endpoint alert long enough for the operator to act.
One Binary Can Serve Multiple Campaigns
LabubaRAT’s command-and-control configuration is not fixed inside the executable. Operators can supply values such as the organization, group, server, API key, device name, DNS settings, and polling interval through command-line arguments or corresponding environment variables using aZM_ prefix.The implant also accepts a
-b parameter containing the configuration as one Base64-encoded block. Blackpoint observed a configuration that decoded to the organization luxespa, the group rabbit, an API key, and the command-and-control server pipicka[.]xyz.That runtime model makes the same compiled binary reusable. An operator can change infrastructure, divide infected machines into groups, or deploy the implant for another customer or campaign without rebuilding the executable.
Blackpoint said the organization-and-group structure, combined with the backend panel, suggests LabubaRAT may have been designed as a malware-as-a-service platform. That remains an assessment rather than confirmed information about its operators, but the architecture resembles a managed framework more than a one-off payload.
The malware’s name comes from the “LabubaPanel” title and Labubu-themed favicon found on associated command-and-control infrastructure. Blackpoint also identified three related IP addresses hosted by German providers, with infrastructure appearing from early June around the same period in which the analyzed binary was compiled.
What remains unclear is how victims are initially persuaded or forced to run
nvidia-sysruntime.exe. Blackpoint’s published analysis focuses on the implant itself and does not establish a specific delivery vector such as phishing, malicious advertising, compromised downloads, or exploitation. Organizations should therefore avoid treating this as a confirmed NVIDIA installer campaign until further evidence emerges.Host Profiling Comes Before Operator Tasking
Once configured, LabubaRAT stores local state in the SQLite databasenvctr_sys.db. The database can retain enrollment details, device tokens, server information, DNS configuration, and polling intervals between executions.The implant then inventories the Windows machine so its operator can decide what to do next. Collected data includes the hostname, processor model, installed RAM, domain information, IP address, User Account Control status, installed browsers, and security products.
Browser discovery covers Google Chrome, Mozilla Firefox, Microsoft Edge, and Brave. Security-product checks include Microsoft Defender, CrowdStrike, SentinelOne, Carbon Black, Sophos, Malwarebytes, Bitdefender, ESET, Kaspersky, McAfee, Symantec, and Trend Micro.
This reconnaissance is operationally useful. Knowing whether an endpoint runs Microsoft Defender alone or is monitored by an enterprise EDR platform can influence which commands the attacker attempts, which scripts are avoided, and how quickly the system is turned into a staging or proxy host.
After registration, LabubaRAT can execute commands through
cmd.exe, PowerShell, or JavaScript. Its JavaScript route writes temporary files using a wupd_ prefix and invokes them through Windows Script Host, potentially giving attackers another execution path when PowerShell receives greater monitoring or policy restrictions.The RAT can also:
- Capture the Windows desktop through GDI APIs and return screenshots as Base64-encoded data.
- Upload, download, delete, archive, and extract files.
- Create directories and package collections of files for removal from the machine.
- Start a SOCKS5 relay that routes operator traffic through the compromised endpoint.
- Install itself through an
HKCU\Software\Microsoft\Windows\CurrentVersion\Runentry.
-b configuration, it can preserve the implant’s server and enrollment settings while making the autorun command less immediately readable.Three Communication Paths Complicate Containment
LabubaRAT supports ordinary HTTPS polling, Microsoft Edge WebView2-based communication, and DNS tunneling. That gives the implant several ways to contact its operator rather than depending on one easily blocked channel.Its HTTPS implementation can use browser-style User-Agent strings and bearer authentication. WebView2 allows network activity to occur through an embedded Microsoft Edge-backed context, potentially making the traffic look more like communication from a desktop application using a legitimate Windows web component.
DNS tunneling is the fallback with the most obvious defensive implications. Blackpoint found logic for encoded DNS payloads, chunking, resolver selection, polling, and timeout handling, indicating that the channel was intended to carry task data rather than merely resolve a command-and-control hostname.
Blocking
pipicka[.]xyz and the currently identified IP addresses is sensible, but infrastructure blocking alone is not sufficient. The runtime configuration allows another operator or deployment to point the same executable at different servers, DNS domains, and polling settings.A compromised machine can also become a SOCKS5 proxy, allowing attackers to route other traffic through a trusted corporate endpoint. Incident responders therefore need to examine lateral activity and outbound connections rather than assuming the RAT’s effect ends at remote command execution.
Windows Defenders Have Concrete Artifacts to Hunt
Blackpoint recommends prioritizing unsigned executables that claim to be NVIDIA software but run from unexpected locations or exhibit persistence, command execution, or outbound network activity. Legitimate-sounding filenames should be validated through digital signatures, file paths, installed-product records, and known software deployment processes.Administrators should search endpoints and telemetry for
nvidia-sysruntime.exe, nvctr_sys.db, accompanying SQLite -wal and -shm files, the Local\NVIDIAContainerMonitor_SingleInstance mutex, and wupd_ JavaScript files. Autorun reviews should include HKCU Run entries containing long Base64-like values or unknown executables launched with -b.The analyzed sample has the SHA-256 hash
b7443b0ab48d2f5786d1b6f3a580f02621e9ae5a3877ee3a44e01df13d984328. Blackpoint also associated 191.44.109[.]130, 87.120.108[.]18, and 168.222.254[.]204 with related infrastructure.Process monitoring can expose behavior that filenames cannot hide. Unusual parent processes spawning
cmd.exe, powershell.exe, wscript.exe, or cscript.exe, particularly alongside screenshot capture, archive creation, encoded command lines, or unexplained network connections, deserve investigation.LabubaRAT’s strongest advantage is not Rust by itself or any single novel technique. It is the packaging of familiar remote-access functions into a configurable, reusable Windows implant that borrows NVIDIA’s identity and can switch among multiple communications channels. Until researchers establish the initial delivery method and the scale of active deployment, endpoint hunting and verification of purported NVIDIA binaries remain the most concrete defensive steps.
References
- Primary source: secnews.gr
Published: 2026-07-15T11:10:00+00:00
LabubaRAT disguises itself as NVIDIA software and targets Windows
LabubaRAT is a new remote access trojan that disguises itself as NVIDIA software to target Windows.www.secnews.gr - Related coverage: thehackernews.com
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
LabubaRAT poses as NVIDIA software, profiles security tools, and uses HTTPS, WebView2, or DNS tunneling to maintain remote access on Windows hosts.thehackernews.com
- Related coverage: it-boltwise.de
LabubaRAT: Rust-RAT tarnt sich als NVIDIA-Software und steuert Windows-Hosts
LabubaRAT ist ein Rust-RAT, der sich als NVIDIA-Software tarnt. Er profiliert Hosts, nutzt mehrere C2-Kanäle und lässt sich per Startparametern flexibel steuern.www.it-boltwise.de
- Related coverage: scworld.com
New Rust-based RAT named LabubaRAT impersonates NVIDIA software | brief | SC Media
LabubaRAT operates by impersonating NVIDIA's container runtime toolkit, using an executable named "nvidia-sysruntime.exe."www.scworld.com - Related coverage: geekzilla.tech
Malware LabubaRAT se disfraza de software de NVIDIA para controlar
Enteráte de cómo el malware LabubaRAT se disfraza de software de NVIDIA para controlar sistemas Windows y los riesgos que representa.geekzilla.tech - Related coverage: boerse-express.com
LabubaRAT und MODBEACON: Zwei neue Rust-Trojaner attackieren Windows
Zwei neuartige Rust-basierte Trojaner greifen Windows-Systeme an. LabubaRAT tarnt sich als NVIDIA-Software, MODBEACON zielt auf die Glücksspielbranche.www.boerse-express.com