A new remote access trojan (RAT) known as Steaelite has emerged on cybercrime networks, enabling attackers to conduct double extortion attacks by integrating data theft and ransomware functionalities. This tool is designed for use on Windows machines and is reported to be capable of credential and cryptocurrency theft, live surveillance, and more, all managed from a centralized dashboard.
Overview of Steaelite’s Capabilities
First identified by BlackFog researchers in November 2025, Steaelite is marketed as a fully undetectable RAT and is compatible with both Windows 10 and Windows 11. An Android module is reportedly in development, which could expand its reach to mobile devices. The RAT begins its data theft operations immediately upon connection, harvesting browser-stored passwords, session cookies, and application tokens without any commands from the operator.
Features of the Dashboard
The Steaelite dashboard features a primary toolbar along with two additional sections. The primary toolbar includes modules for various operations such as remote code execution, file management, live streaming, and webcam access. It also allows for clipboard monitoring, password recovery, and location tracking. For those looking to deploy ransomware, an advanced tools panel provides options for file encryption, disabling Windows Defender, and ensuring persistence on the victim’s system.
Implications for Cybersecurity
Steaelite simplifies the process of executing double extortion attacks, which involve stealing data before encrypting a victim’s files and threatening to leak the stolen information if a ransom is not paid. Previously, such attacks required separate malware for data exfiltration and encryption, often necessitating coordination between different cybercriminal actors. With Steaelite, both functionalities are integrated into a single interface, enhancing the efficiency of these attacks.
Distribution and Market Presence
The malware has gained traction on various forums, with its listing featuring numerous messages and a promotional video demonstrating its capabilities. This approach is typical for commercial RATs aiming to attract buyers beyond traditional cybercrime forums. As the Android version becomes available, a single Steaelite license could potentially cover both corporate Windows systems and the mobile devices used by employees, further broadening its impact.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
