SectopRAT
Also known as: 1xxbot, ArechClient
SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities, including multiple stealth functions. ArechClient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. It also has several anti-VM and anti-emulator capabilities.
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| Apr 14, 2026 | 1 |
| Apr 13, 2026 | 2 |
| Apr 12, 2026 | 2 |
| Apr 11, 2026 | 5 |
| Apr 8, 2026 | 1 |
Further Reading
Elastic Security Labs detected a surge in ClickFix campaigns, using GHOSTPULSE to deploy Remote Access Trojans and data-stealing malware.
Elastic Security Labs reveals details of a new campaign leveraging defense evasion capabilities to infect victims with malicious MSIX executables.
This new remote access malware creates a second desktop that is invisible to the system's user. The threat actor can surf the Internet using the infected machine.
A recently discovered version of SecTopRAT adds encrypted C2 communications as well as several new commands - a clear sign that this malware is under active development. Learn more on the G DATA Blog!
Rapid7 has observed the Fake Browser Update lure utilizing a sophisticated new loader to execute infostealers.
Severity: High. Analysis Summary: Microsoft stated that it is disabling the ms-appinstaller protocol handler again after various threat actors exploited it as an initial access vector to distribute ma...