Threat Management

CodeRAT malware source code out in the open

SecurityWeek reports that the new CodeRAT backdoor had its source code released online by its developer after being confronted by SafeBreach security researchers. Malicious Word documents with a Dynamic Data Exchange exploit have been used to deploy CodeRAT, which has nearly 50 various commands that could be leveraged for activity monitoring, data theft, and malware deployment, according to a SafeBreach report. Aside from having five operational modes, CodeRAT also enables unique ID generation and command receipt through local files, Telegram bot API, or the main user interface. "This type of monitoring specifically of pornographic sites, use of anonymous browsing tools, and social network activities leads us to believe CodeRAT is an intelligence tool used by a threat actor tied to a government," said SafeBreach. Iranian developers have been identified as the key target of CodeRAT, which researchers found was developed by Mr. Moded who was also behind the RoboThief Telegram session stealer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.