Windows and Linux systems across Asia have been targeted in attacks with the novel WogRAT malware that exploit the free online notepad platform aNotepad, reports BleepingComputer.
Malvertising and other similar techniques may have been used to distribute the WogRAT backdoor, which on Windows took the form of an Adobe tool, a report from the AhnLab Security Intelligence Center revealed. Running the bogus tool executes a downloader that retrieves a malicious .NET binary from aNotepad and eventually loads WogRAT. Aside from enabling command execution and file downloads from specific URLs, WogRAT also supports file uploads to the command-and-control server, as well as command waiting and termination, according to researchers. Researchers observed similar functionality in the Linux version of the backdoor. However, that version was found to have leveraged TinyShell for operational routing and further encryption, and to have received commands from a reverse shell.