ReverseRAT, a remote access Trojan used in major attacks against organizations in South and Central Asia, has been significantly altered in its capabilities. The new variant, known as ReverseRAT 2.0, is being deployed together with a new agent called NightFury.
ReverseRAT 2.0 exhibits further intrusive features
Researchers report that ReverseRAT 2.0 differs from its predecessor in three fundamental ways.
- First, it is paired with NightFury, an open-source RAT, in place of AlkaKore, which was used in the prior edition.
- Second, the latest iteration adds new features and changed commands for creating, listing, and deleting registry keys.
- Third, ReverseRAT 2.0 gains the ability to take photos with the cameras of compromised PCs and to steal files from USB devices.
- In addition, researchers have found a new version of the preBotHta loader that enables threat actors to bypass certain antivirus solutions.
Some other key points include
- A handful of the new ReverseRAT 2.0 targets appear to be in Afghanistan, Jordan, India, and Iran.
- The data the Trojan collects includes the MAC address, the amount of physical RAM on the machine, processor information, the computer name, and the IP address, among other things.
ReverseRAT continues its march
- While ReverseRAT 2.0 appears as a new danger, its previous version remains prominent in sophisticated campaigns.
- Researchers have found that the SideCopy threat group has stepped up its cyber-espionage activities in order to deploy several RATs, such as DetaRAT, ReverseRAT, MRAT, and ActionRAT, on victims' PCs.
- In another incident disclosed in June, Pakistan-based threat actors operating in South and Central Asia used ReverseRAT to infect Windows systems at some government agencies.
- That intrusion apparently began in January 2021 and went unnoticed for approximately six months.
Researchers expect further attacks on government and energy institutions in South and Central Asia. The discovery of the new NightFury agent deployed together with ReverseRAT 2.0 also shows the lengths to which the attackers are going to evade detection. Since phishing emails form part of the initial infection vector in the majority of these attacks, our internal experts suggest that enterprises take proactive measures to detect such emails.
To read more, please check eScan Blog