New Version of njRAT Spread by Mysterious Group

Unknown: Cybereason, a cybersecurity firm, published a report describing a new version of the Remote Access Trojan njRAT being distributed through trojanized hacking tools by an unidentified threat group. The group has attempted to gain backdoor access to the computers of other hackers or penetration testers. When other hackers use the tools, the group can take the data those hackers stole instead of hacking the victims' machines itself. Tools that were infected included site scrapers, exploit scanners, Google dork generators, tools for performing automatic SQL injections, brute-forcing tools, tools that are used to verify leaked credentials, and cracked versions of commercial penetration testing tools. Cybereason found that the analyzed tools were configured to phone back to one of the two main domains used for this campaign, both registered to a Vietnamese individual. The group appeared to be testing the detection rate of their malware by submitting files to VirusTotal from IP addresses in Vietnam before deploying them on hacking forums and blogs.

Analyst Notes

None of the tactics being used in these attacks is new. It is hard to verify where the attacks originate, even though the IP address traces to Vietnam. Penetration testing professionals still need to be cautious about the software they download to their computers. Professional penetration testing software typically cannot be found for free and should not be downloaded from hacking forums or blogs dedicated to distributing cracked software. Software should only be downloaded from verified websites to ensure that malicious software is not piggybacked onto the download. More information can be read here: https://www.zdnet.com/article/years-long-campaign-targets-hackers-through-trojanized-hacking-tools/