Security News

Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks
2022-09-15 10:14

A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans, including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.

Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware
2022-09-14 08:51

Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan known as Agent Tesla. A.NET based keylogger and remote access, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted systems and beacon sensitive information to an actor-controlled domain.

Meet Borat RAT, a New Unique Triple Threat
2022-08-22 12:32

Borat RAT malware goes beyond the standard features and enables threat actors to deploy ransomware and DDoS attacks. Borat RAT is a unique and powerful combination of RAT, spyware, and ransomware capabilities fused into a single malware.

Hackers Behind Cuba Ransomware Attacks Using New RAT Malware
2022-08-12 02:23

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures, including a new remote access trojan called ROMCOM RAT on compromised systems. In the intervening months, the ransomware operation has received an upgrade with an aim to "Optimize its execution, minimize unintended system behavior, and provide technical support to the ransomware victims if they choose to negotiate," per Trend Micro.

Hacker uses new RAT malware in Cuba Ransomware attacks
2022-08-10 18:04

A member of the Cuba ransomware operation is employing previously unseen tactics, techniques, and procedures, including a novel RAT and a new local privilege escalation tool. The threat actor was named 'Tropical Scorpius' by researchers at Palo Alto Networks Unit 42 and is likely an affiliate of the Cuba ransomware operation.

New Woody RAT Malware Being Used to Target Russian Organizations
2022-08-05 05:42

An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability in Windows.

Russian organizations attacked with new Woody RAT malware
2022-08-03 22:35

Unknown attackers target Russian entities with newly discovered malware that allows them to control and steal information from compromised devices remotely. According to Malwarebytes, one of the Russian organizations that were attacked using this malware is a government-controlled defense corporation.

Australia charges dev of Imminent Monitor RAT used by domestic abusers
2022-07-31 23:48

An Australian man was charged for developing and selling the Imminent Monitor remote access trojan, used to spy on victims' devices remotely. Yesterday, the Australian Federal Police announced that they had charged an Australian man, age 24, for developing and selling the Imminent Monitor software.

North Korean hackers attack EU targets with Konni RAT malware
2022-07-23 16:08

Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. In this campaign, the hackers use malware known as Konni, a remote access trojan capable of establishing persistence and performing privilege escalation on the host.

Chinese-sponsored gang Gallium upgrades to sneaky PingPull RAT
2022-06-14 06:27

The Gallium group, believed to be a Chinese state-sponsored team, is going on the warpath with an upgraded remote access trojan that threat hunters say is difficult to detect. The backdoor, once in a compromised system, comes in three variants, each of which can communicate with the command-and-control system in one of three protocols: ICMP, HTTPS and raw TCP. All three PingPull variants have the same functionality, but each creates a custom string of code that it sends to the C2 server, which will use the unique string to identify the compromised system.