Sorillus RAT

Sorillus is a Java-based multifunctional remote access trojan (RAT) that targets Linux, macOS, and Windows operating systems.

Sorillus RAT is a Java RAT.

Background

Sorillus is a cross-platform, Java-written remote access trojan (RAT) capable of running on Linux, macOS, and Windows. Built in 2019, it drew wider notice in 2022 as obfuscated client builds started showing up on VirusTotal from January 18, 2022 onward. Its now-offline site (hxxps://sorillus[.]com) advertised lifetime licenses for 59.99€, discounted to 19.99€ at one point, with payment accepted in several cryptocurrencies.

According to its author and seller, a YouTube user going by "Tapt," the malware could harvest a range of details from compromised hosts, such as:

HardwareID

Username

Country

Language

Webcam footage

Headless status

Operating system details

Client version

The project ceased operating in 2025 in the wake of the FBI's Operation "Talent," which dismantled much of the cracking ecosystem, including Sellix, the payment platform Sorillus depended on. With that financial backbone gone, the RAT stopped functioning roughly 5 days afterward.


Source: Malpedia (Fraunhofer FKIE).