SecurityWeek reports that the new CodeRAT backdoor had its source code released online by its developer after being confronted by SafeBreach security researchers.
Malicious Word documents carrying a Dynamic Data Exchange (DDE) exploit have been used to deploy CodeRAT, which has nearly 50 commands that could be leveraged for activity monitoring, data theft, and malware deployment, according to a SafeBreach report. Aside from having five operational modes, CodeRAT also generates a unique ID per victim and receives commands through local files, the Telegram bot API, or its main user interface.
"This type of monitoring specifically of pornographic sites, use of anonymous browsing tools, and social network activities leads us to believe CodeRAT is an intelligence tool used by a threat actor tied to a government," said SafeBreach.
Iranian developers have been identified as the key target of CodeRAT, which researchers found was developed by Mr. Moded, who was also behind the RoboThief Telegram session stealer.
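The CodeRAT delivery vector named above is a Word document with a DDE field, which is worth checking for at the mail gateway or in triage because the field instruction survives in plain XML inside the .docx package. The following script is an added example written for this digest; it is not SafeBreach's tooling or anything from the CodeRAT report. It walks every WordprocessingML part of a .docx, reassembles complex field instructions that are split across several `w:instrText` runs (a common way of hiding the `DDEAUTO` keyword), and reports any instruction that references DDE. The sample documents it builds in memory are constructed for the demonstration, and the program name inside the field is a labelled placeholder.

```python
import html
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

def w(tag: str) -> str:
    """Qualified WordprocessingML tag or attribute name."""
    return f"{{{W_NS}}}{tag}"

# DDE and DDEAUTO are the field keywords that let a document start an
# external program. Word is lenient about case and spacing, so match the
# keyword itself rather than a fixed string.
DDE_PATTERN = re.compile(r"\bDDE(AUTO)?\b", re.IGNORECASE)

def find_dde_fields(docx_bytes: bytes) -> list[str]:
    """Return every field instruction in the .docx that references DDE/DDEAUTO.

    Covers simple fields (w:fldSimple with a w:instr attribute) and complex
    fields (w:instrText runs between fldChar begin/end) in all XML parts under
    word/, so headers, footers and footnotes are inspected as well as the body.
    """
    hits: list[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # a damaged part is suspicious in its own right, but not a DDE hit
            # Simple fields keep the whole instruction in one attribute.
            for fld in root.iter(w("fldSimple")):
                instr = fld.get(w("instr"), "")
                if DDE_PATTERN.search(instr):
                    hits.append(instr.strip())
            # Complex fields: join the instrText runs between begin and end,
            # otherwise " DDE" + "AUTO ..." in two runs would evade a naive grep.
            current: list[str] | None = None
            for el in root.iter():
                if el.tag == w("fldChar"):
                    ftype = el.get(w("fldCharType"))
                    if ftype == "begin":
                        current = []
                    elif ftype == "end" and current is not None:
                        instr = "".join(current)
                        if DDE_PATTERN.search(instr):
                            hits.append(instr.strip())
                        current = None
                elif el.tag == w("instrText") and current is not None:
                    current.append(el.text or "")
    return hits

def build_sample_docx(instr_runs: list[str]) -> bytes:
    """Constructed sample: a minimal .docx (only word/document.xml) holding one
    complex field whose instruction is split across the given instrText runs."""
    runs = "".join(
        f'<w:r><w:instrText xml:space="preserve">{html.escape(t)}</w:instrText></w:r>'
        for t in instr_runs
    )
    document = (
        f'<w:document xmlns:w="{W_NS}"><w:body><w:p>'
        '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
        f"{runs}"
        '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
        "<w:r><w:t>field result</w:t></w:r>"
        '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
        "</w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", document)
    return buf.getvalue()

if __name__ == "__main__":
    # Keyword deliberately split across two runs; program name is a placeholder.
    suspicious = build_sample_docx([" DDE", 'AUTO placeholder_program "placeholder args" '])
    benign = build_sample_docx([' DATE \\@ "yyyy-MM-dd" '])
    print("suspicious:", find_dde_fields(suspicious))
    print("benign:", find_dde_fields(benign))
```

To run it against real files, read the .docx bytes from disk and pass them to `find_dde_fields`; a non-empty result is a reason to quarantine the message rather than proof of this particular campaign, since legitimate documents can also carry DDE fields.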
North Korea's Lazarus Group has leveraged the backdoored PDF reader app SwiftLoader used in the RustBucket campaign to facilitate the deployment of the KANDYKORN macOS malware in a bid to better evade detection, according to The Hacker News.
Europol and law enforcement agencies across seven countries, including the U.S., have dismantled a Ukraine-based ransomware operation following the arrests of its alleged leader and four accomplices, CyberScoop reports.