
BIOPASS RAT Uses Live Streaming to Steal Victims’ Data
2021-07-12 20:30

The malware was identified by a team of threat researchers at Trend Micro, and named BIOPASS RAT. "What makes BIOPASS RAT particularly interesting is that it can sniff its victim's screen by abusing the framework of Open Broadcaster Software Studio, a popular live streaming and video recording app, to establish live streaming to a cloud service via real-time messaging protocol," the Trend Micro team reported.

The attack misuses the object storage service of Alibaba Cloud to host the BIOPASS RAT Python scripts as well as to store the exfiltrated data from victims.

The task labeled "Big.txt" delivers the main BIOPASS RAT functionality, which, the Trend Micro team added, is compiled with Nuitka, PyArmor and PyInstaller.

From there, BIOPASS RAT collects everything: the desktop is monitored and live-streamed to the cloud over RTMP; PNG screenshots of the desktop are uploaded; and a shell command triggers a Python function that can kill the malware process and then restart it through its scheduled tasks, the report added.

BIOPASS RAT even collects the victim's cookies and login data files.

The team's research led them to conclude that BIOPASS RAT has many links to APT41, also known as the Winnti group, which regularly uses certificates stolen from game studios to sign its malware.


News URL

https://threatpost.com/biopass-rat-live-streaming/167695/