Intel Name: The strange tale of ischhfd83: when cybercriminals eat their own
Date of Scan: June 10, 2025
Impact: High
Summary: Our investigation into Sakura RAT revealed two key findings. First, the RAT itself posed minimal threat to our customer. Second, while the repository contained malicious code, it was actually designed to infect developers compiling the RAT, embedding infostealers and other backdoors. This led us to uncover links between the Sakura RAT “developer” and over a hundred similar backdoored repositories, ranging from hacking tools to gaming cheats. Further analysis exposed a complex web of obfuscation, infection chains, and multiple backdoor variants—indicating a broader campaign aimed at compromising novice hackers and game cheaters at scale.
