BleepingComputer reports that old remote access trojans are being modified by Chinese hacking group Webworm in new cyberattacks against Asian IT service providers.
Older and widely available RATs are likely being used by Webworm in an effort to curb operating costs, as well as to better evade detection by security tools, a report from Symantec found. Webworm initially repurposed Trochilus RAT, which first emerged in 2015 and was available on GitHub, to include configuration loading through a set of hardcoded directories.
The widely used 9002 RAT has also been tested by the Chinese threat group, which has bolstered the malware's communication protocol encryption in a bid to better bypass modern traffic analysis tools. The report also showed Webworm testing Gh0st RAT, which has been used by several APTs in different cyberespionage campaigns since its emergence in 2008.
Symantec researchers noted that Webworm may be the same as Space Pirates, which was dubbed by Positive Technologies as the group behind the modified Gh0st RAT named 'Deed RAT.'
Numerous web browsers and cryptocurrency wallets on Windows systems are being targeted by the new Bandit Stealer information-stealing malware, which can also evade Windows Defender and could be used to facilitate data breaches, account takeovers, identity theft, and credential stuffing attacks, reports The Record, a news site by cybersecurity firm Recorded Future.
More threat actors have been leveraging the AceCryptor malware to facilitate malware distribution, with more than 240,000 detections recorded from 2021 to 2022, The Hacker News reports.
BleepingComputer reports that recent phishing attacks by the QBot malware operation, also known as Qakbot, have involved the exploitation of a DLL hijacking flaw in the Windows 10 WordPad executable "write.exe."