Webhards and Torrents: the New Channels for RAT Malware Propagation in Korea

South Korea appears to be the target of a new malicious campaign that spreads RAT malware disguised as an adult game. It is distributed via torrents and webhards.

The RATs cybercriminals use in this campaign are njRAT and UDP RAT. They are hidden inside what looks like a game package (it could be a different program too) and then uploaded to the webhards.

RAT Malware: the Way It Self-Propagates

ASEC researchers addressed this campaign in a report. As they describe it, the new RAT malware works like this:

- UDP RAT is distributed via webhards;
- However, it doesn’t come in its real shape but disguised as a ZIP file with an adult game inside;
- After the archive is extracted, it can be seen that it contains a ‘game.exe’ launcher;
- The ‘game.exe’ launcher is in fact the UDP RAT malware;
- The file is executed and delivers a Themida-packed RAT;
- It then hides itself in order to produce another Game.exe file;
- The second executable contains the real game, so the victim has no reason to be suspicious;
- The ‘C:\Program Files\4.0389’ folder is where the malware executables are dropped;

njRAT
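The UDP RAT chain above leaves two things a defender can look for in file-creation telemetry: executables written to the drop folder, and a process named game.exe writing a second Game.exe. The following is an added detection sketch, not code from ASEC or the article; it assumes the drop folder reads C:\Program Files\4.0389 with path separators restored, uses field names modeled on Sysmon Event ID 11 (FileCreate), and runs over constructed sample events.

```python
import json
import ntpath  # Windows path rules, usable on any OS

# Drop folder named in the article (separators assumed); compared case-insensitively.
DROP_DIR = ntpath.normcase(r"C:\Program Files\4.0389")
LAUNCHER = "game.exe"
EXEC_EXTS = {".exe", ".dll"}

# Constructed sample events (not real telemetry); user and file names are made up.
SAMPLE_EVENTS = r'''
{"Image": "C:\\Users\\kim\\Downloads\\adult_game\\game.exe", "TargetFilename": "C:\\Program Files\\4.0389\\svc.exe"}
{"Image": "C:\\Users\\kim\\Downloads\\adult_game\\game.exe", "TargetFilename": "C:\\Users\\kim\\Downloads\\adult_game\\data\\Game.exe"}
{"Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\kim\\Documents\\notes.txt"}
{"Image": "C:\\Users\\kim\\Downloads\\setup.exe", "TargetFilename": "C:\\Program Files\\4.0389\\readme.txt"}
'''

def classify(event):
    """Return the names of the rules a single file-creation event matches."""
    image = ntpath.normcase(event["Image"])
    target = ntpath.normcase(event["TargetFilename"])
    hits = []
    is_exec = ntpath.splitext(target)[1] in EXEC_EXTS
    # Rule 1: an executable is written into the drop folder from the report.
    if is_exec and target.startswith(DROP_DIR + "\\"):
        hits.append("exec_in_drop_dir")
    # Rule 2: a process named game.exe writes a second game.exe at another path.
    if (ntpath.basename(image) == LAUNCHER
            and ntpath.basename(target) == LAUNCHER
            and image != target):
        hits.append("launcher_writes_second_game_exe")
    return hits

def scan(lines):
    """Classify JSON-lines events; return (line number, matched rules) pairs."""
    findings = []
    for n, line in enumerate(lines.strip().splitlines(), 1):
        hits = classify(json.loads(line))
        if hits:
            findings.append((n, hits))
    return findings

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_EVENTS):
        print(f"event {n}: {', '.join(hits)}")
```

Rule 2 on its own is a weak signal, since many legitimate games ship a game.exe; it is most useful when it fires on the same host as rule 1.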

