NiceRAT Malware Targets South Korean Users via Cracked Software

Jun 17, 2024 | Newsroom | Botnet / Cryptocurrency

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet.

The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license verification for Microsoft Office.

“Due to the nature of crack programs, information sharing amongst ordinary users contributes to the malware’s distribution independently from the initial distributor,” the AhnLab Security Intelligence Center (ASEC) said.

“Because threat actors typically explain ways to remove anti-malware programs during the distribution phase, it is difficult to detect the distributed malware.”

Alternate distribution vectors involve the use of a botnet comprising zombie computers that are infiltrated by a remote access trojan (RAT) known as NanoCore RAT, mirroring prior activity that leveraged the Nitol DDoS malware for propagating another malware dubbed Amadey Bot.

NiceRAT is an actively developed open-source RAT and stealer malware written in Python that uses a Discord Webhook for command-and-control (C2), allowing the threat actors to siphon sensitive information from the compromised host.
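
Because the C2 channel described above is an ordinary HTTPS request to a Discord webhook URL, one detection angle is to look for webhook POSTs made by processes that are not expected to talk to Discord. The following is an added example, not code from ASEC or from the article; the log format, host names, process names and allowlist are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Discord webhook endpoint: /api[/vN]/webhooks/<numeric id>/<token>
WEBHOOK_RE = re.compile(
    r"^https://(?:[a-z]+\.)?discord(?:app)?\.com/api(?:/v\d+)?/webhooks/(\d+)/[\w-]+",
    re.IGNORECASE,
)
# Assumption: processes expected to reach Discord in this environment.
ALLOWED_PROCESSES = {"discord.exe"}

# Constructed sample log, hypothetical format:
# timestamp host process method url bytes_out
SAMPLE_LOG = """\
2024-06-17T09:01:12Z PC-014 chrome.exe GET https://discord.com/channels/@me 512
2024-06-17T09:02:40Z PC-014 python.exe POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-TOKEN_a 48213
2024-06-17T09:02:55Z PC-014 python.exe POST https://discordapp.com/api/v10/webhooks/111111111111111111/EXAMPLE-TOKEN_a 1930
2024-06-17T09:05:03Z PC-022 discord.exe POST https://discord.com/api/webhooks/222222222222222222/EXAMPLE-TOKEN_b 300
2024-06-17T09:07:19Z PC-031 updater.exe POST https://discord.com/api/webhooks/333333333333333333/EXAMPLE-TOKEN_c 88020
malformed line
"""


def find_webhook_posts(log_text, allowed=ALLOWED_PROCESSES):
    """Return {host: {"posts", "bytes_out", "processes", "webhook_ids"}} for
    POSTs to Discord webhook URLs made by processes outside the allowlist."""
    hits = defaultdict(lambda: {"posts": 0, "bytes_out": 0,
                                "processes": set(), "webhook_ids": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records rather than failing the run
        _ts, host, process, method, url, bytes_out = fields
        match = WEBHOOK_RE.match(url)
        if method != "POST" or not match or not bytes_out.isdigit():
            continue
        if process.lower() in allowed:
            continue
        entry = hits[host]
        entry["posts"] += 1
        entry["bytes_out"] += int(bytes_out)
        entry["processes"].add(process.lower())
        entry["webhook_ids"].add(match.group(1))  # id only; the token is not stored
    return dict(hits)


if __name__ == "__main__":
    for host, info in sorted(find_webhook_posts(SAMPLE_LOG).items()):
        print(host, info["posts"], info["bytes_out"], sorted(info["processes"]))
```

Only the numeric webhook id is kept in the result, since the token portion of the URL is a credential and does not belong in alert output.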

First released on April 17, 2024, the current version of the program is 1.1.0. It's also available as a premium version, according to its developer, suggesting that it's marketed under the malware-as-a-service (MaaS) model.

The development comes amid the return of a cryptocurrency mining botnet known as Bondnet, which has been detected using the high-performance miner bots as C2 servers since 2023 by configuring a reverse proxy using a modified version of a legitimate tool called Fast Reverse Proxy (FRP).
