Researchers have discovered a popular Remote Access Trojan (RAT) on sale for just $20 on the dark web marketplace. The NanoCore RAT has been used in a number of malware attacks, giving the actors administrative control of the target computer through a backdoor it creates.
A RAT is mainly downloaded invisibly alongside a program the user requested, or sent to the target as an attachment or a malicious link. According to the research, the goal is to compromise the host system and distribute the malware to other vulnerable computers, creating a botnet.
According to the report, researchers discovered attackers planting a popular RAT called NanoCore on compromised systems during one of their efforts to track and find medium-volume email campaigns that use fake invoices to lure targets into clicking malicious links.
Interestingly, the hackers intended to run a month-long campaign aimed at the German sector. The report established that the low price, coupled with a design that makes it easy to use, has contributed to the prevalence of NanoCore among threat actors in the last few years. An actor can simply decide to launch a campaign after obtaining this cheap malware on the dark web market.
According to the report published by Flashpoint, NanoCore has been designed purposely to infect Windows-based devices. However, the installation has to be triggered, and one of the triggers is a phishing attack that delivers malicious links.
The campaign in question was aimed at manufacturing companies, with emails meant to lure the targets into clicking malicious links. According to the report, the German campaign used an invoice email that carried both malicious links and malicious attachments.
The malicious attachment found in the lure email contained a compressed executable and had a “Z” extension. The malicious links, on the other hand, are designed to direct the target to one-time.live.com to download the malware.
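An added example, not taken from the Flashpoint report or the original article: a mail-triage check for the two lure traits described above, an attachment with a .z extension that wraps an executable and a link to one-time.live.com. The article does not say which archive format the “Z” file uses, so the constructed sample assumes ZIP; the executable-extension list and all function names are also assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Archive signatures, checked regardless of the attachment's extension.
MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
         b"7z\xbc\xaf\x27\x1c": "7z", b"\x1f\x8b": "gzip", b"\x1f\x9d": "compress"}
EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumed list, not from the article
LURE_HOSTS = {"one-time.live.com"}           # host named in the article

def sniff(data):
    """Return the archive type indicated by the leading bytes, or None."""
    return next((k for sig, k in MAGIC.items() if data.startswith(sig)), None)

def triage(raw):
    """Return a list of findings for one raw e-mail message (bytes)."""
    findings = []
    for part in message_from_bytes(raw).walk():
        payload = part.get_payload(decode=True)
        if payload is None:              # multipart container, no body of its own
            continue
        name = part.get_filename()
        if name is None:                 # body text: look for the lure host in links
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            for host in re.findall(r"https?://([^/\s\"'<>]+)", text):
                if host.lower() in LURE_HOSTS:
                    findings.append(("lure-link", host.lower()))
            continue
        kind = sniff(payload)
        if name.lower().endswith(".z"):
            findings.append(("z-attachment", name, kind))
        if kind == "zip":                # only ZIP members are inspected here
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    if info.filename.lower().endswith(EXEC_EXT) or zf.read(info)[:2] == b"MZ":
                        findings.append(("executable-in-archive", name, info.filename))
    return findings

def build_sample():
    """Constructed sample: a ZIP named .z holding a 64-byte 'MZ' stub, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Rechnung.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg.set_content("Rechnung: https://one-time.live.com/download?id=EXAMPLE")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="Rechnung.z")
    return msg.as_bytes()
```

Calling `triage(build_sample())` reports the link, the .z attachment with its sniffed type, and the executable member; RAR or 7z containers are identified by signature but their members are not listed.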
After the malware is installed on the target computer, NanoCore is capable of a wide range of functions, including live and offline keylogging. It also takes screenshots of the desktop and webcam, runs arbitrary shell commands, and uploads and/or downloads arbitrary files. It has been designed to give the threat actor complete control of the system without the knowledge of the victim.
According to the report, NanoCore is not much different from the usual RAT; it is unique only in its ease of use and cheaper cost.
Sometime in August 2019, a new version of the RAT appeared on the dark web marketplace, offered for free despite being more potent and dangerous. The NanoCore RAT is linked to a high number of cybercrime incidents, as its price and potency can give hackers administrative control of a system with a phishing email as the gateway.
Authorities responded to the other version of this malware by sentencing the developer of the NanoCore RAT, Taylor Huddleston, to 33 months in jail for aiding and abetting computer intrusion by developing, marketing and distributing it across online forums and the dark web, according to a report. The emergence of the new RAT on the dark web at a cheaper cost is a wake-up call to businesses to brace themselves and put the necessary cybersecurity measures in place.
Source: SC MAGAZINE UK