
Neptune RAT resurfaces

on 09 April 2025


Vole versus Rat

Software King of the World Microsoft's 800 million-strong user base just got served a nasty reminder of what life looks like without security updates, thanks to the retooled and ruthless Neptune RAT now making the rounds.

Insecurity experts at Cyfirma have spotted this monstrous remote access trojan freshly dumped on GitHub, boasting a feature set that reads like malware bingo: password theft from 270+ apps, crypto clipping, ransomware payloads, live desktop snooping, OS destruction, and stealth tech to boot.

Cyfirma said the new version was “an extremely serious threat” and can be delivered via Telegram and YouTube with slick “Most Advanced RAT” branding.

The new Neptune variant hijacks Chromium-based browsers like Chrome, Brave, and Opera using a Chromium.dll attack that decrypts stored login data before quietly offloading it to hacker HQ. It even installs itself as a scheduled Windows task—running every minute in full stealth mode—to maintain access and reboot with the system.

There’s ransomware too. Once active, it dumps a “How to Decrypt My Files.html” note onto the victim’s desktop, locks up everything under .ENC extensions, and demands a ransom to unlock the digital hostage.
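For defenders, the two behaviours above (a scheduled task firing every minute, and the ransom note plus .ENC files) can be hunted for with a short script. This is an added example, not code from Cyfirma or the article; it assumes tasks have been exported as Task Scheduler XML, treats a repetition interval of 60 seconds or less as worth review, and uses a constructed sample with invented task names and paths.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"  # Task Scheduler schema
DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")
RANSOM_NOTE = "how to decrypt my files.html"  # note name reported in the article

def interval_seconds(iso):
    """Convert a time-only ISO 8601 duration such as PT1M to seconds (None if unparsed)."""
    m = DURATION.match((iso or "").strip())
    if not m or not any(m.groups()):
        return None
    h, mi, s = (int(g or 0) for g in m.groups())
    return h * 3600 + mi * 60 + s

def fast_repeating_tasks(xml_text, max_interval=60):
    """Return (uri, seconds, hidden, command) for tasks repeating every max_interval or less."""
    hits = []
    for task in ET.fromstring(xml_text).iter(NS + "Task"):
        secs = [interval_seconds(e.text) for e in task.findall(f".//{NS}Repetition/{NS}Interval")]
        secs = [s for s in secs if s is not None and s <= max_interval]
        if secs:
            hidden = (task.findtext(f"{NS}Settings/{NS}Hidden") or "false").lower() == "true"
            hits.append((task.findtext(f"{NS}RegistrationInfo/{NS}URI"), min(secs), hidden,
                         task.findtext(f"{NS}Actions/{NS}Exec/{NS}Command")))
    return hits

def ransom_artifacts(paths):
    """Return paths named like the ransom note or carrying the .ENC extension."""
    return [p for p in paths
            if PureWindowsPath(p).name.lower() == RANSOM_NOTE
            or PureWindowsPath(p).suffix.lower() == ".enc"]

# Constructed sample: two exported tasks; names, paths and commands are invented.
SAMPLE = """<Tasks xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<Task><RegistrationInfo><URI>\\ExampleUpdater</URI></RegistrationInfo>
<Triggers><TimeTrigger><Repetition><Interval>PT1M</Interval></Repetition></TimeTrigger></Triggers>
<Settings><Hidden>true</Hidden></Settings>
<Actions><Exec><Command>C:\\Users\\demo\\AppData\\Roaming\\example.exe</Command></Exec></Actions></Task>
<Task><RegistrationInfo><URI>\\DailyBackup</URI></RegistrationInfo>
<Triggers><CalendarTrigger><Repetition><Interval>PT12H</Interval></Repetition></CalendarTrigger></Triggers>
<Actions><Exec><Command>C:\\Tools\\backup.exe</Command></Exec></Actions></Task>
</Tasks>"""

if __name__ == "__main__":
    for hit in fast_repeating_tasks(SAMPLE):
        print("review task:", hit)
```

A one-minute task is not malicious by itself, so treat hits as leads and check the command path and whether the task is hidden before acting.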

Cyfirma notes there’s likely an even nastier version of Neptune RAT behind a paywall, meaning what’s out in the wild may be just the low-end demo.

Vole has already warned that Windows 10 support ends on 14 October 2025—so if you're still clinging to it without a patching solution in place, you're basically handing Neptune RAT the keys to the kingdom.

Last modified on 09 April 2025