RAT Archives - Cyber Security Minute

US AI experts targeted in cyberespionage campaign using SugarGh0st RAT

Issued by: CSO Online

Security researchers have warned about a new cyberespionage campaign that targets artificial intelligence experts working in private industry, government and academia. The attackers, likely of Chinese origin, are using a remote access trojan (RAT) called SugarGh0st. “The timing of the recent campaign coincides with an 8 May 2024 report from Reuters, revealing that the US…

Malware & Threats

Hacker group hides malware in images to target Ukrainian organizations

Issued by: CSO Online

A group of attackers targeting Ukraine-affiliated organizations has been delivering malicious payloads hidden within the pixels of image files. Known as steganography, it is just one of many advanced techniques the group uses to evade detection as part of a malware loader known as IDAT. Tracked as UAC-0184 by several security firms, as well as…

Malware & Threats

Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer

Issued by: SecurityWeek

Using the online handle of ‘EVLF DEV’ and operating out of Syria for the past eight years, the individual is believed to have made over $75,000 from selling the two RATs to various threat actors. The same person is also a malware-as-a-service (MaaS) operator, according to Cyfirma. For the past three years, EVLF has been…

Malware & Threats

New ‘Alchimist’ Attack Framework Targets Windows, Linux, macOS

Issued by: Security Week

Dubbed Alchimist and already used in the wild, the attack framework is implemented in GoLang, the same as the Insekt RAT that it implants on compromised systems. The attack framework provides a web interface written in simplified Chinese that allows operators to generate and deploy malicious payloads, establish remote connections, execute code on the compromised…

Malware & Threats

Patchwork APT caught in its own web

Issued by: Blog Malwarebytes

Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT). What is interesting among…

Malware & Threats

Attackers Employ Sneaky New Method to Control Trojans

Issued by: Dark Reading

A new malware sample shows threat actors have begun using DNS TXT record and queries for C2 communications, Cisco Talos says, Security researchers at Cisco’s Talos intelligence and research group have discovered what they describe as an extremely evasive and uncommon way for threat actors to command and to communicate with a Remote Access Trojan…