SecurityWeek reports that the new CodeRAT backdoor had its source code released online by its developer after being confronted by SafeBreach security researchers. Malicious Word documents with a Dynamic Data Exchange exploit have been used to deploy CodeRAT, which has nearly 50 various commands that could be leveraged for activity monitoring, data theft, and malware deployment, according to a SafeBreach report. Aside from having five operational modes, CodeRAT also enables unique ID generation and command receipt through local files, Telegram bot API, or the main user interface. "This type of monitoring specifically of pornographic sites, use of anonymous browsing tools, and social network activities leads us to believe CodeRAT is an intelligence tool used by a threat actor tied to a government," said SafeBreach. Iranian developers have been identified as the key target of CodeRAT, which researchers found was developed by Mr. Moded who was also behind the RoboThief Telegram session stealer.