Malware, Threat Intelligence

Financial sector targeted by novel GodRAT trojan


Trading and brokerage firms in the United Arab Emirates, Jordan, Lebanon, Hong Kong, and Malaysia have been subjected to intrusions involving the novel Gh0st RAT-based GodRAT malware since September, The Hacker News reports.

Attackers have distributed illicit screen saver files purporting to be financial documents on Skype to facilitate the sideloading of a nefarious DLL that eventually results in the delivery of GodRAT, according to a Kaspersky analysis. After ensuring command-and-control communications over TCP, obtaining system details, and procuring an antivirus software list, GodRAT, which is believed to have descended from the Winnti-linked AwesomePuppet backdoor, downloads several plugins to enable further malicious activity, including the deployment of browser stealer malware and the AsyncRAT trojan. "Old implant codebases, such as Gh0st RAT, which are nearly two decades old, continue to be used today... These old implants are known to have been used by various threat actors for a long time, and the GodRAT discovery demonstrates that legacy codebases like Gh0st RAT can still maintain a long lifespan in the cybersecurity landscape," said Kaspersky.
