Malware dev open-sources CodeRAT after being exposed
2022-09-03 14:12

The source code of a remote access trojan dubbed 'CodeRAT' has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool.

CodeRAT supports about 50 commands and comes with extensive monitoring capabilities targeting webmail, Microsoft Office documents, databases, social network platforms, integrated development environments for Windows Android, and even individual websites like PayPal.

To communicate with its operator and to exfiltrate stolen data, CodeRAT uses a Telegram-based mechanism that relies on a public anonymous file upload API instead of the more common command and control server infrastructure.

Although the campaign stopped abruptly when the researchers contacted the malware developer, CodeRAT is likely to become more prevalent now that its author has made the source code public.

The malware supports around 50 commands, including taking screenshots, copying clipboard content, listing running processes, terminating processes, checking GPU usage, downloading, uploading, and deleting files, and executing programs.

Malware developers are always looking for malware code that can be easily turned into a new "product" that would increase their profits.


News URL

https://www.bleepingcomputer.com/news/security/malware-dev-open-sources-coderat-after-being-exposed/