Stealthy Trojan Malware Available For Free On The Dark Web Could Give Rise To Phishing Attacks For Financial Profits

Trojan malware is often in great demand among malicious attackers. Usually, potent Remote Access Trojans (RATs) are sold for handsome amounts, but a cyber-security company has discovered that a new version of a powerful Trojan that recently surfaced on the Dark Web is available for free. Experts are cautioning that this modified version of an old but still effective malware could give rise to a large number of crudely deployed attacks. Simply put, even attackers with very limited knowledge and technical skills could easily mold the new version of the RAT malware for their own attacks.

Security researchers at LMNTRIX Labs recently discovered that a new variant of a powerful form of Trojan malware is being offered on the Dark Web for free. While the original malware is quite old, its code and techniques can still be deployed successfully. In essence, malware designers, even with basic knowledge, could build powerful viruses or simply create a sophisticated phishing attack that relies on RAT malware. The attacks relying on the old Trojan malware would be conducted with monetary profit as the main agenda. The multi-faceted malware can steal passwords, bank details, and other personal information. Speaking about the possible spike in threats, Arannya Mukerjee, a senior threat researcher at LMNTRIX Labs, said:

“Malware authors today tend to favor easy-to-use interfaces as it helps them write and update code, as well as use the RAT more efficiently. This simple interface also lowers the barrier for entry for any prospective hackers, so even amateurs can launch an attack.

“Anytime an exploit kit or RAT kit is made available for free, it leads to an explosion of campaigns using the malware. We certainly expect to see more spin-off versions of the NanoCore RAT in the future, and predict most newer versions would continue to be tailored to amateur hackers.”

New Version Of NanoCore RAT Available for Free On The Dark Web:

NanoCore RAT (Remote Access Trojan) is a rather old malware. It first surfaced in 2013 but, surprisingly, is still considered quite potent and effective at bypassing security and gaining access to sensitive information. During its early days, threat brokers sold the NanoCore RAT for around $25. Interestingly, the creators of the malware continued to improve it with new features. Over the years, various versions of the multi-faceted group of hacking tools have been available online. Researchers sifting through the latest threats have come across a new variant with additional, more dangerous capabilities. What’s even more concerning is that this latest and even more potent version of NanoCore RAT is freely available on a forum hosted on the Dark Web.

The researchers at LMNTRIX Labs were able to access and download NanoCore v1.2.2. The RAT is effective on PCs running Windows OS and can steal passwords, perform keylogging and secretly record audio and video footage using the webcam. Simply put, the attackers can gain administrative control of the victim’s computer completely stealthily and use multiple tactics to draw out information.

The NanoCore RAT is a sophisticated malware designed specifically to avoid detection while gaining privileged access to the PC’s important components, like the microphone and webcam. Interestingly, owing to the deep penetration of the RAT, the malware can even manipulate the LED light that sits beside the webcam and indicates whether it is recording. Some of the other capabilities of the NanoCore RAT are quite concerning as well. The malware can remotely shut down or restart the machine. It can remotely control the mouse, open web pages and execute many more functions. Simply put, the attacker essentially gains the ability to use the machine as if it were their own. The successful deployment of the NanoCore RAT allows easy exploitation of the compromised machine to steal personal information, passwords and payment details.

How Is NanoCore RAT Distributed?

Similar to most hacking attempts, attackers using the NanoCore RAT rely on email phishing attacks. As we had previously reported, attackers are using carefully drafted emails that appear legitimate. These emails claim to contain invoices or purchase orders in the form of attachments. With a high level of sophistication, attackers can get victims to click on these tainted files.

What’s even more concerning is the level of sophistication and ease that comes with using the NanoCore RAT. Attackers using the malware have access to a surprisingly user-friendly interface to help manage their activity. This allows even poorly educated attackers to launch their own phishing attacks. While the success rate of infection may not be high, the sheer number of attacks is in itself a cause for concern. Although several may be easily detected and disarmed, even a few gaining entry into the system could be quite damaging, experts observe.

Alap Naik Desai

A B.Tech Plastics (UDCT) and a Windows enthusiast. Optimizing the OS, exploring software, searching and deploying solutions to strange and weird issues is Alap's main interest.