SYMBOLCOMMON_NAMEaka. SYNONYMS
jar.sorillus (Back to overview)

Sorillus RAT

Sorillus is a Java-based multifunctional remote access trojan (RAT) that targets Linux, macOS, and Windows operating systems. First created in 2019, the tool gained significant attention in 2022 when various obfuscated client versions began appearing on VirusTotal starting January 18, 2022. The RAT's features were detailed on its now-defunct website (hxxps://sorillus[.]com), where it was marketed for lifetime access at 59.99€, with a discounted price of 19.99€ at the time. Payments were conveniently accepted via various cryptocurrencies.

The creator and distributor of Sorillus, a YouTube user known as "Tapt," claimed the tool could collect sensitive information from infected systems, including:

HardwareID

Username

Country

Language

Webcam footage

Headless status

Operating system details

Client version

However, Sorillus was shut down in 2025 following the FBI's Operation "Talent," which targeted alot of the Cracking infrastucture which included Sellix, the payment portal used by Sorillus for transactions. This operation disrupted the financial infrastructure supporting the RAT, leading to its cessation of operations 5 days later.

References
2022-04-06AbnormalAbnormal Security
Tax Return Customer Campaign Attempts to Infect Victims with Sorillus RAT
Sorillus RAT

There is no Yara-Signature yet.