Trojanized Gaming Tools Spread Java-Based Remote Access Trojan via Browser and Chat Platforms


Threat Actors Distribute Java-Based RAT via Trojanized Gaming Tools

Cyber attackers have been using compromised gaming utilities to spread a remote access trojan (RAT) that can exfiltrate data and deploy additional payloads. The malware, which is designed to evade detection, is distributed through browsers and chat platforms.

Malware Capabilities

Once launched, the RAT connects to a command-and-control (C2) server at IP address 79.110.49[.]15, allowing attackers to remotely control the compromised host. The malware is a multi-purpose tool that can act as a loader, runner, and dropper, and is capable of deleting the initial persistence mechanism to avoid detection.

Defense Against the Threat

To defend against this threat, users are advised to audit Microsoft Defender exclusions and scheduled tasks, remove malicious tasks and startup scripts, isolate affected endpoints, and reset credentials for users active on compromised hosts.
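The audit steps above can be scripted. The following read-only PowerShell triage script is an added example, not code from the original report: the C2 address comes from the article, while the suspicious-path and launcher patterns are assumptions chosen for a Java-based payload.

```powershell
# Added triage example (read-only). Run from an elevated PowerShell session on the endpoint.
$C2Address    = '79.110.49.15'   # C2 address reported in the article
# Assumptions: locations and launchers treated as suspicious for a Java-based payload.
$UserWritable = '\\Users\\|\\ProgramData\\|\\Temp\\|%(APPDATA|LOCALAPPDATA|TEMP)%'
$Launchers    = '^(javaw?|powershell|pwsh|wscript|cscript|mshta|cmd)$'

# 1. Defender exclusions: each entry should trace back to a documented need.
$pref = Get-MpPreference
$exclusions = foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if ($value) { [pscustomobject]@{ Kind = $kind; Value = $value } }
    }
}

# 2. Scheduled tasks that start a script host or Java, or run from a user-writable path.
$tasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no command line
        $leaf = ($action.Execute.Trim('"') -split '[\\/]')[-1] -replace '\.exe$', ''
        $cmd  = "$($action.Execute) $($action.Arguments)"
        if ($leaf -match $Launchers -or $cmd -match $UserWritable) {
            [pscustomobject]@{
                Task = $task.TaskPath + $task.TaskName; State = $task.State; Command = $cmd
            }
        }
    }
}

# 3. Startup-folder items (current user and all users), newest first.
$startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
$startup = Get-ChildItem -Path $startupDirs -File -ErrorAction SilentlyContinue |
    Sort-Object CreationTime -Descending | Select-Object FullName, CreationTime

# 4. Live TCP connections to the reported C2 address, with the owning process.
$c2 = Get-NetTCPConnection -RemoteAddress $C2Address -ErrorAction SilentlyContinue |
    Select-Object LocalPort, RemotePort, State, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).Path } }

'--- Defender exclusions ---';       $exclusions | Format-Table -AutoSize -Wrap
'--- Scheduled tasks to review ---'; $tasks      | Format-Table -AutoSize -Wrap
'--- Startup items ---';             $startup    | Format-Table -AutoSize -Wrap
'--- Connections to C2 ---';         $c2         | Format-Table -AutoSize -Wrap
```

Entries in the first three sections are leads to review against a known-good baseline, since legitimate software also uses these locations; any row in the last section is grounds to isolate the endpoint.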

New Windows RAT Malware Family Discovered

The disclosure of this threat comes as a new Windows RAT malware family, known as Steaelite, was recently discovered. Steaelite is a highly capable RAT that bundles together data theft and ransomware capabilities, and is compatible with both Windows 10 and 11.

Steaelite’s Features

Steaelite’s features include remote code execution, file management, live streaming, webcam and microphone access, process management, clipboard monitoring, password theft, installed program enumeration, location tracking, arbitrary file execution, URL opening, DDoS attacks, and VB.NET payload compilation. The malware also includes a web panel that allows attackers to control infected Windows machines remotely.

“Steaelite gives operators browser-based control over infected Windows machines, covering remote code execution, credential theft, live surveillance, file exfiltration, and ransomware deployment from a single dashboard.”

— Wendy McCague, security researcher

Other New RAT Families Discovered

In addition to Steaelite, two other new RAT families, DesckVB RAT and KazakRAT, have recently been discovered. KazakRAT is suspected to be the work of a state-affiliated cluster targeting Kazakh and Afghan entities as part of a persistent campaign that has been ongoing since at least August 2022.

Protection Against These Threats

To protect against these threats, users are advised to remain vigilant and take steps to secure their systems, including keeping software up to date, using strong passwords, and being cautious when downloading and installing software from unknown sources.


