Hackers infecting other hackers with remote-access trojan
Hackers have begun repackaging popular hacking tools with malware
Hackers have turned on themselves, according to a newly discovered malware campaign.
The multi-year campaign was uncovered by Cybereason security researcher Amit Serper, who found that hackers have begun modifying existing hacking tools by injecting a powerful remote-access trojan into them. When these modified tools are opened, they give hackers full access to the target's computer.
According to Serper, the attackers have made it quite easy to spread their repackaged tools by posting them on popular hacking forums.
However, these repackaged tools not only give the attackers access to the target's computer; they also open a backdoor into the target's systems, which allows the attackers to make use of any other computer or network that the target has already breached.
njRat trojan
During his investigation of the campaign, Serper found that the hackers behind these attacks are injecting the njRat trojan into hacking tools and repackaging them. This trojan gives the attacker full access to a target's desktop as well as to their files, passwords, webcams and microphones.
njRat has been around since 2013 and has been used frequently against targets in the Middle East. It is often spread through phishing emails and infected flash drives, but recently hackers have begun injecting the malware into dormant or insecure websites to avoid being detected.
Hackers are once again using this technique to spread njRat and, according to Serper, they have compromised several websites to host hundreds of njRat malware samples. In a blog post, he provided further details on this latest campaign and his investigation into the matter, saying:
“This investigation surfaced almost 1000 njRat samples compiled and built on almost a daily basis. It is safe to assume that many individuals have been infected by this campaign (although at the moment we are unable to know exactly how many). This campaign ultimately gives threat actors complete access to the target machine, so they can use it for anything from conducting DDoS attacks to stealing sensitive data off the machine. It is clear the threat actors behind this campaign are using multiple servers, some of which appear to be hacked WordPress blogs. Others appear to be the infrastructure owned by the threat group, judging by multiple hostnames, DNS data, etc.”
As this campaign has already operated for years, it will likely continue to do so while giving hackers a taste of their own medicine.
Via TechCrunch
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.