Teacher
Professional
Does the platform administration plan to do something about the malware "distributed for educational purposes"?
A new advanced remote access tool (RAT) has been published on GitHub. This Trojan, written in the C# programming language and compatible with Windows 10 and Windows 11 operating systems, provides "an extensive set of functions for remote system management," according to the developer under the pseudonym moom825.
Xeno RAT's functionality includes a SOCKS5 reverse proxy server, the ability to record audio in real time, and integration of a hidden virtual network computing (hVNC) module similar to DarkVNC, which allows attackers to gain remote access to an infected computer.
The developer separately noted the "fun" features of his tool, such as "blue screen of death" on request, turning off the remote host monitor, opening/closing the CD tray, etc.
The developer claims that Xeno RAT was developed exclusively for educational purposes, although we all understand perfectly well by whom and why this malware will actually be used.
Xeno RAT has been designed from the ground up to provide a "unique and personalized approach to remote access tools". The developer also notes the presence of a constructor that allows you to create specialized versions of the tool.
Notably, moom825 is also the developer of another C#-based remote access Trojan called DiscordRAT 2.0, which was previously distributed by attackers through a malicious npm package called "node-hide-console-windows".
Cybersecurity company Cyfirma, in its report published last week, said that it had already observed the spread of Xeno RAT through the Discord content delivery network. As the main attack vector, the attackers used a shortcut file disguised as a WhatsApp screenshot, which downloaded a ZIP archive from Discord servers, extracted the contents, and downloaded the next stage of malware.
The multi-stage attack sequence uses the DLL Sideloading technique to launch a malicious DLL, while simultaneously taking steps to ensure consistency in the system and evade analysis and detection.
The Cyfirma study once again highlights how the growing availability of malware contributes to an increase in the number of malicious campaigns that use it.
To reduce the risks associated with Xeno RAT malware, users should exercise caution when opening files from untrusted sources or clicking on unfamiliar links, especially those that offer questionable software or content.
In addition, the implementation of robust cybersecurity measures, including the use of high-quality antivirus software, ensuring regular software updates, and vigilance against social engineering tactics, can significantly enhance protection against such threats.
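A defender-side triage sketch for the delivery chain described in the post (disguised shortcut, ZIP fetched from Discord's CDN, DLL loaded from a user-writable folder), added here as an example and not taken from the original post or the Cyfirma report. The event schema, field names and sample events are constructed for illustration, and `cdn.discordapp.com` as the CDN host is an assumption.

```python
import re
from urllib.parse import urlparse

# Assumption: Discord attachments are served from this host.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com"}
# Explorer hides ".lnk", so "photo.png.lnk" is displayed as "photo.png".
DECOY_LNK = re.compile(r"\.(png|jpe?g|gif|pdf|docx?)\.lnk$", re.I)
URL = re.compile(r"https?://[^\s\"']+", re.I)
# Folders a standard user can write to, where a planted DLL could sit.
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads|public)\\", re.I)

def stage(event):
    """Return the name of the chain stage an event matches, or None."""
    kind = event["kind"]
    if kind == "file_open" and DECOY_LNK.search(event["path"]):
        return "decoy_shortcut"
    if kind == "process":
        for url in URL.findall(event["command_line"]):
            parsed = urlparse(url)
            if (parsed.hostname in DISCORD_CDN_HOSTS
                    and parsed.path.lower().endswith(".zip")):
                return "discord_zip_download"
    if (kind == "image_load" and not event["signed"]
            and USER_WRITABLE.search(event["dll"])):
        return "unsigned_dll_user_path"
    return None

def triage(events):
    """Group matched stages per host; two or more distinct stages rate 'high'."""
    hits = {}
    for ev in events:
        matched = stage(ev)
        if matched:
            hits.setdefault(ev["host"], set()).add(matched)
    return {host: ("high" if len(s) >= 2 else "low", sorted(s))
            for host, s in hits.items()}

# Constructed sample events (hypothetical schema, not real telemetry).
SAMPLE = [
    {"host": "ws-01", "kind": "file_open",
     "path": r"C:\Users\a\Downloads\WhatsApp_screenshot.png.lnk"},
    {"host": "ws-01", "kind": "process",
     "command_line": 'fetch.exe "https://cdn.discordapp.com/attachments/0/0/example.zip"'},
    {"host": "ws-01", "kind": "image_load", "signed": False,
     "dll": r"C:\Users\a\AppData\Roaming\example\helper.dll"},
    {"host": "ws-02", "kind": "process",
     "command_line": "fetch.exe https://example.com/tool.zip"},
    {"host": "ws-03", "kind": "file_open",
     "path": r"C:\Users\b\Desktop\report.pdf.lnk"},
]
```

A single matched stage is weak evidence on its own (Discord links and shortcuts are common); the value is in the per-host correlation that `triage(SAMPLE)` returns.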
