Malware, Threat Management

Modified RATs used in new Webworm attacks

BleepingComputer reports that Chinese hacking group Webworm is modifying old remote access trojans for use in new cyberattacks against Asian IT service providers. Webworm is likely using older, widely available RATs to curb operating costs and to better evade detection by security tools, a report from Symantec found. Webworm initially repurposed Trochilus RAT, which first emerged in 2015 and can be obtained on GitHub, to include configuration loading through a set of hardcoded directories. The group has also tested the widely used 9002 RAT, bolstering the encryption of the malware's communication protocol in a bid to better bypass modern traffic analysis tools. The report also showed Webworm testing Gh0st RAT, which has been used by several APTs in different cyberespionage campaigns since its emergence in 2008. Symantec researchers noted that Webworm may be the same as Space Pirates, which was dubbed by Positive Technologies as the group behind the modified Gh0st RAT named 'Deed RAT.'
