js.ottercandy

OtterCandy

aka: HardHatRAT, UNSEENMINK

OtterCandy is a modular JavaScript backdoor that combines features from earlier malware families such as OtterCookie and RATatouille (aka INVISIBLEFERRET.JAVASCRIPT). It steals sensitive information, including browser credentials and cryptocurrency wallet data, and supports commands such as uploading files, changing directories, and self-termination. The malware communicates via the socket.io protocol over port 5000 to receive and execute commands from attackers.

References
2025-10-15, NTT, Rintaro Koike
OtterCandy, malware used by WaterPlum

There is no Yara-Signature yet.