Malicious OpenBullet configs used in malware attack against new hackers

The Hacker News reports that more sophisticated threat actors have been using malicious configuration files for the open-source pen-testing tool OpenBullet to deliver remote access trojan (RAT) malware to their less experienced peers. According to a Kasada report, the illicit OpenBullet configs retrieve the Rust-based Ocean dropper from a GitHub repository. Ocean then fetches the Python-based Patent malware from the same repository, which in turn executes a RAT capable of capturing screenshots, terminating tasks, exfiltrating cryptocurrency wallet information, and stealing passwords and cookies stored by Chromium-based browsers. The RAT could also be used to steal cryptocurrency assets outright. "The distribution of the malicious OpenBullet configs within Telegram is a novel infection vector, likely targeting these criminal communities due to their frequent use of cryptocurrencies. ... This presents an opportunity for attackers to shape their collection to a specific target group and obtain other members' funds, accounts, or access. As the old saying goes, there is no honor amongst thieves," said the report.
