rat

BitRAT Disguised as Windows Product Key Verification Tool Being Distributed

The ASEC analysis team has recently discovered that BitRAT is being distributed via webhards. Because the attacker disguised the malware as a Windows 10 license verification tool from the development stage, users who download illegal crack tools from a webhard and install them to verify their Windows license are at risk of having BitRAT installed on their PCs. The following shows a post uploaded to a webhard that harbors the malware. The title is [New][Quick Install]Windows License Verification[One-click]. A compressed file…

njRAT Being Distributed via Webhards

Webhards are a platform used to distribute malware, chiefly by attackers who mainly target Korean users. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in the past. Various types of malware have been used recently, such as UdpRat or DDoS IRC Bot developed with GoLang, but njRAT has been used in multiple attacks in the past. njRAT Malware Distributed via Major Korean Webhard File sharing…

NanoCore RAT Disguised as Notification of Foreign Currency Remittance Being Spread!

The ASEC analysis team recently discovered that the NanoCore remote access Trojan (RAT), disguised as a notification of foreign currency remittance, was distributed. Because the malware is usually spread through phishing emails, users need to exercise extra caution. The mail impersonates a capital company and is distributed with the title “[** Capital] Notification for Foreign Currency Remittance” as shown below, tricking the user into checking the attached file and running it. It is assumed that the sender took an image that…

Remcos RAT Malware being Distributed as Spam Mail

Remcos is a RAT (Remote Administration Tool) malware that has been distributed through spam mail for the past few years. Remcos is sold by its developer through the website below, which describes it as a RAT tool for remote management, and it has been updated regularly until recently. According to the features described on the Remcos website, it can be used for remote assistance or for deleting and tracking sensitive data in case of theft, and said features are actually…