Skip to content
feed: live
>_ 0dayNews
threat intel
● Breaking

Blackpoint flags LabubaRAT: Rust MaaS RAT poses as NVIDIA

Blackpoint Cyber's Sam Decker and Nevan Beal document LabubaRAT — a Rust MaaS trojan on Windows that ships as nvidia-sysruntime.exe with runtime config.

Blackpoint flags LabubaRAT: Rust MaaS RAT poses as NVIDIA
Image: 0dayNews / 0dayNews Editorial · All rights reserved
airgap airgap · Published · 3 min read

Confirmed: Blackpoint Cyber researchers Sam Decker and Nevan Beal documented LabubaRAT on July 14, 2026 — a previously undocumented Rust-based remote access trojan for Windows that ships as nvidia-sysruntime.exe, imitating the NVIDIA container runtime toolkit. Confidence on the discovery, the language, and the masquerade filename: high, per Blackpoint’s writeup as reported by The Hacker News. Confidence on scope of victims and campaign attribution: unconfirmed — treat accordingly.

What Blackpoint reports

A single compiled binary. Not a bespoke build per target — configuration is supplied at runtime, either as discrete command-line arguments or as a single Base64-encoded blob. Blackpoint’s own framing, quoted in the report: “the same compiled binary could be reused with different infrastructure, organizations, or campaign groupings.” That’s the MaaS shape, and Blackpoint says it. Confidence: as-reported.

On-host capabilities, per Blackpoint:

  • Command execution, PowerShell execution, and JavaScript execution.
  • Screenshot capture.
  • File upload, download, and archive handling.
  • SOCKS5 proxy support.
  • Host profile — hostname, RAM, CPU model, UAC state.

Before it settles in, LabubaRAT enumerates what’s already on the box. The inventory list Blackpoint published names browsers (Chrome, Firefox, Edge, Brave) and security products (Microsoft Defender, CrowdStrike, SentinelOne, Carbon Black, Sophos, Malwarebytes, Bitdefender, ESET, Kaspersky, McAfee, Symantec, Trend Micro). Confidence: as-reported. We are not publishing detection-evasion mechanics.

Configuration lands in a local SQLite database. C2 supports HTTPS, WebView2, and DNS tunneling — three separate channels that let the same binary talk out of environments with different egress postures. Blackpoint names one C2 host so far: pipicka[.]xyz. Confidence on the host and the three channel types: high, as-reported.

The MaaS branding

Blackpoint ties the tooling to a control panel called “LabubaPanel” and notes a matching Labubu-themed favicon on associated infrastructure. That’s enough shared branding to treat this as a rented offering rather than a bespoke tool, but Blackpoint has not — as of publication — named a seller, a pricing tier, or a customer list. Confidence: as-reported. Attribution to any specific threat actor: unconfirmed — treat accordingly.

Persistence

User-level autostart. No separate loader required — the RAT handles its own foothold. Blackpoint does not report the specific autostart mechanism in the summary we have. Confidence: as-reported.

What we can and cannot say about victims

Cannot say: who has been hit, in which countries, in which industries, under which campaign name. Blackpoint’s July 14 writeup is a malware analysis, not a victim disclosure. Unconfirmed — treat accordingly.

Can say: the artifact is designed to blend into environments that already run NVIDIA tooling — machine-learning workstations, CUDA build hosts, video-encoding pipelines, GPU-provisioned servers. A file named nvidia-sysruntime.exe on any of those looks native. Confidence on the masquerade choice’s plausibility as blending: high, by inspection of the naming.

What to actually do

If you run Windows hosts with NVIDIA tooling installed:

  1. Grep endpoint and EDR telemetry for nvidia-sysruntime.exe. The real NVIDIA container runtime does not use that filename. Any hit is worth pulling apart. Confidence: high — filename is the report’s headline IoC.
  2. Grep proxy and DNS logs for pipicka[.]xyz across your retention window. One hit is one host to isolate. Confidence on the C2: as-reported — Blackpoint’s July 14 publication.
  3. Alert on new user-level autostart entries on hosts that shouldn’t be getting them (developer workstations excepted). Standard hygiene; the report reinforces why.

None of the above assumes you are compromised. All three assume you would rather know than not.

Timeline

  • July 14, 2026 — Blackpoint Cyber publishes the LabubaRAT analysis; The Hacker News summarizes the same day.
  • Unconfirmed — first observed deployment date, size of any victim pool, whether operators have added a second C2 since publication.

We will update when Blackpoint or another vendor names a victim, a country, or a campaign.

Sources

Found this useful? Share it.