{
	"id": "48c93bea-cd4d-4140-bbd5-82c6d6ecb786",
	"created_at": "2026-04-06T00:21:15.576939Z",
	"updated_at": "2026-04-10T13:12:51.220226Z",
	"deleted_at": null,
	"sha1_hash": "faecffac083a07ac422555d1a555414b76ffc349",
	"title": "New NONEUCLID RAT Malware Infected Multiple Devices Worldwide",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 768833,
	"plain_text": "New NONEUCLID RAT Malware Infected Multiple Devices\r\nWorldwide\r\nBy AnuPriya\r\nPublished: 2024-12-09 · Archived: 2026-04-05 22:44:51 UTC\r\nA new Remote Access Trojan (RAT) named NONEUCLID has emerged in the cyber threat landscape, infecting\r\ndevices worldwide.\r\nDeveloped under the alias SheetRAT (also known as LiberiumRAT or ShadowRoot), this malware has gained\r\nattention for its advanced capabilities, making it a potent tool for cybercriminals.\r\nAccording to cybersecurity experts, NONEUCLID RAT is equipped with features such as a rootkit, autoload\r\nfunctionality, and a User Account Control (UAC) bypass. These functionalities allow the malware to maintain\r\npersistence on infected systems and evade detection.\r\nAdditionally, NONEUCLID employs obfuscation techniques and anti-debugging mechanisms to make reverse\r\nengineering and analysis by security researchers more challenging.\r\nThe malware also integrates a botnet framework and utilizes Discord webhooks for command-and-control\r\ncommunication, enabling attackers to remotely control compromised machines.\r\nGlobal Impact and Potential Threats\r\nAccording to the post from cyberundergroundfeed, the spread of NONEUCLID RAT has been reported globally,\r\nwith victims ranging from individual users to organizations.\r\nhttps://cyberpress.org/noneuclid-rat-malware/\r\nPage 1 of 4\n\nIts ability to bypass security measures and remain undetected for extended periods poses a significant threat to\r\ndata privacy and system integrity.\r\nCybersecurity analysts warn that the malware’s botnet capabilities could be exploited for large-scale attacks,\r\nincluding Distributed Denial-of-Service (DDoS) operations or data exfiltration campaigns.\r\nWhat sets NONEUCLID apart from other RATs is its inclusion of unusual features such as “jokes,” suggesting\r\nthat its creators may be experimenting with unconventional functionalities or attempting to mock their victims.\r\nDespite this seemingly playful element, the malware’s overall design underscores its dangerous potential in the\r\nhands of skilled attackers.\r\nCall for Vigilance and Mitigation\r\nhttps://cyberpress.org/noneuclid-rat-malware/\r\nPage 2 of 4\n\nCybersecurity professionals are urging users and organizations to remain vigilant against this emerging threat.\r\nTo mitigate the risk of infection, it is recommended to implement robust endpoint protection solutions, regularly\r\nupdate software, and avoid downloading files or clicking on links from untrusted sources.\r\nSecurity teams should also monitor network traffic for suspicious activity associated with Discord webhooks or\r\nbotnet communications.\r\nThe rise of NONEUCLID RAT highlights the evolving sophistication of cyber threats in 2024.\r\nAs attackers continue to develop more advanced tools, collaboration between cybersecurity firms, governments,\r\nand individuals will be essential to combat these threats effectively.\r\nAlso Read:\r\nAnuPriya\r\nAny Priya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data\r\nbreaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security\r\ntrends.\r\nhttps://cyberpress.org/noneuclid-rat-malware/\r\nPage 3 of 4\n\nSource: https://cyberpress.org/noneuclid-rat-malware/\r\nhttps://cyberpress.org/noneuclid-rat-malware/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://cyberpress.org/noneuclid-rat-malware/"
	],
	"report_names": [
		"noneuclid-rat-malware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434875,
	"ts_updated_at": 1775826771,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/faecffac083a07ac422555d1a555414b76ffc349.pdf",
		"text": "https://archive.orkl.eu/faecffac083a07ac422555d1a555414b76ffc349.txt",
		"img": "https://archive.orkl.eu/faecffac083a07ac422555d1a555414b76ffc349.jpg"
	}
}