It’s Hackers Vs Hackers.
A new malware campaign is circulating on the web where the prime targets are hackers. It seems rather odd that hackers are targeting people from their own community. The infected versions of hacking tools are posted on different hacking forums to target other hackers.
According to the findings of Amit Serper from Cybereason, hackers have repackaged already popular hacking tools and infected other hackers with malware. Some of the tools can exploit databases to exfiltrate data and inject remote access Trojan (RAT) using product key generators and cracks that are used to unlock full versions from trial versions.
The company’s blog post reveals that hackers are using a powerful Trojan called njRat to infect the hacking tools so as to get complete access to the target’s computer including the stored documents, webcam, microphone, and even passwords.
It is clear the threat actors behind this campaign are using multiple servers, some of which appear to be hacked WordPress blogs. Others appear to be the infrastructure owned by the threat group, judging by multiple hostnames, DNS data, etc., said Serper.
The njRat Trojan was discovered in 2013 and a majority of its victims were located in the Middle East. Recently, this malware is used by attackers to infect poorly secured websites to evade detection, such as, in 2017 it was used to host malware on the Islamic State’s website.
The same technique is used by attackers in this particular campaign and several websites have been compromised with njRat malware. When the victim opens the tools, a backdoor is created immediately into the system and the attackers are able to control the computer.
Moreover, the malicious tools also infect any system that the hacker has already breached because, as per Serper, the hackers can gain access to the target’s assets too including assets of security researchers.
It is worth noting that in August 2017, njRat was also used as a Facebook password stealer and in November 2015, Egyptian hackers were found using the njRAT’s Codebase to create KillerRat capable of evading detection during the scan. The KillerRat mainly targets Windows PCs.
There is currently no information regarding the attackers behind this campaign, but since njRat is being updated almost on a daily basis, it is hard to overlook the possibility of involvement of automated tools.