Source Code of SilverRAT Remote Access Trojan Leaked Online

The full source code of SilverRAT, a notorious remote access trojan (RAT), has been leaked online, briefly appearing on GitHub under the repository name SilverRAT-FULL-Source-Code before being swiftly taken down. According to a snapshot captured by Hackread.com via the Wayback Machine, the repository included detailed project features, build instructions, and a marketing-style dashboard screenshot.

SilverRAT, developed in C# and attributed to a group called Anonymous Arabic, which stems from Syria, first emerged in late 2023. The tool gives attackers extensive control over infected Windows systems and supports a range of malicious activities, including cryptocurrency wallet monitoring, data exfiltration via Discord webhooks, and password stealing from browsers and applications. The malware has gained traction in underground forums, where it is marketed as malware-as-a-service (MaaS).

The leaked GitHub repository, posted by a user identified as Jantonzz, was touted as sharing the “latest version” of SilverRAT, complete with Visual Studio solution files and modular code that could be compiled with minimal programming knowledge. Although the repository claimed the tool was for educational purposes, its extensive list of features indicated an intention for real-world criminal use. The repository also included promises of a “Private Stub,” a custom version guaranteed to be undetectable, available via email within two days.

While GitHub removed the repository quickly, its brief availability allowed enough time for academic and security circles to archive and disseminate the information. The implications of this leak are alarming: cybercriminals of varying skill levels may now use the code to compile, modify, or create variants of the malware.

Notably, this leak is not an isolated incident. SilverRAT’s source code had previously been offered for sale on the infamous Russian cybercrime forum XSS for as little as $100 in a February 2025 post. As the malware’s development is linked to Arabic-speaking cybercrime factions, this leak could potentially widen its distribution and broaden the threat landscape.