Headline
SilverRAT Source Code Leaked Online: Here’s What You Need to Know
SilverRAT Source Code leaked on GitHub, exposing powerful malware tools for remote access, password theft, and crypto attacks before removal.
The full source code of SilverRAT, a notorious remote access trojan (RAT), has been leaked online briefly appearing on GitHub under the repository “SilverRAT-FULL-Source-Code” before being swiftly taken down.
A snapshot of the repository, captured by Hackread.com via the Wayback Machine, reveals the entire project, its features, build instructions, and even a flashy marketing-style dashboard screenshot.
Screenshot from the now deleted GitHub post (Image credit: Hackread.com)
****What Is SilverRAT?****
SilverRAT is a remote access trojan developed in C#, first surfacing in late 2023. It was attributed to a group known as Anonymous Arabic, believed to operate out of Syria. This tool gives attackers control over infected Windows systems, offering a range of malicious capabilities.
Researchers who have analyzed SilverRAT say it has become popular in underground forums, where it’s offered as malware-as-a-service (MaaS). Its feature set includes:
- Cryptocurrency wallet monitoring
- Hidden applications and processes
- Data exfiltration through Discord webhooks
- Exploit builders for Word, Excel, VBScript, and JavaScript files
- Antivirus bypass and binder functions to bundle multiple payloads
- Hidden RDP and VNC sessions (allowing attackers to take over a system invisibly)
- Password stealing from browsers, apps, games, bank cards, Wi-Fi, and system credentials
The malware’s design and use of Arabic-language components suggest its roots lie in the Middle East, though it’s been observed in campaigns targeting victims globally. The developer behind SilverRAT has been identified as noradlb1, publicly known as MonsterMC.
****Details of the Source Code Leak****
The leaked GitHub repository, posted by a user named Jantonzz, claimed to share the “latest version” of SilverRAT. The project included Visual Studio solution files, build instructions, and code modules that could be easily compiled by anyone with basic .NET knowledge.
The repository description boasted that the RAT is “provided for learning and experimentation purposes only,” though the long list of weaponized features leaves little doubt about its real-world criminal applications. It even promised a “Private Stub,” a customized, fully undetectable (FUD) version that would supposedly be delivered by email within two days.
Within hours, GitHub took down the repository, likely in response to reports or automatic detection of malware content. However, the brief window of public access was enough for the snapshot to be archived and circulated in security research circles.
As of now, the repository has been removed from GitHub, but the archived snapshot (attached below) shows its full content, including the dashboard image, build files, and README instructions:
Screenshot from the now deleted GitHub post (Image credit: Hackread.com)
****Legitimacy and Consequences****
While leaked malware source code often comes with a disclaimer of being “for educational purposes,” the reality is that these leaks can boost cybercrime. With SilverRAT now available to the public, even low-level cybercriminals without programming skills can compile their own copies, modify the malware, or create new variants.
Given that the original developer is believed to have connections to Arabic-speaking cybercrime groups, this leak could expand the malware’s reach to new regions and actors.
****Apparently Not the First Time****
While researching SilverRAT, we found that its source code has also been sold on the notorious Russian cybercrime forum XSS. In a February 2025 post, a seller was offering the full source code for just $100.