Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well-known RAT. The campaign ultimately gives attackers total access to the target machine.
The threat actors behind this campaign are posting malware embedded inside various hacking tools and cracks for those tools on several websites. Once the files are downloaded and opened, the attackers are able to completely take over the victim’s machine. In this writeup, the Nocturnus team presents an analysis of the attacker TTPs and indicators of compromise. During this investigation, we uncovered hundreds of trojanized files and information about the threat actors’ infrastructure.
Be careful to avoid installing tools downloaded from untrusted sources.
Periodically and proactively hunt in your environment for potential attacks on sensitive assets.
We highly recommend every customer enable the following features: