NiceRat: "Remove your antivirus so that it doesn't interfere with our Trojan"

Tomcat

The cybercriminals' new trick is both insidious and resourceful.

Attackers are actively using malware called NiceRAT to create a botnet from infected devices. These attacks target users from South Korea and are distributed through local file sharing sites and blogs under the guise of hacked programs, Windows activation tools, free game servers, etc.

According to a recent report from the AhnLab Security Center (ASEC), the malware is spread primarily by users themselves, after attackers initially post an enticing file online with malicious code already embedded in it.

Since the distributed tools are most often incompatible with antivirus programs, which users do not question when it comes to activators, the attackers state outright that the antivirus must be turned off or completely removed for the tool to work correctly.

Users who take the bait then obediently follow all the instructions, disabling or deleting all the security software installed on the computer. This works against security researchers, who must first find out from somewhere that a virus is hiding on users' systems.

All this delays the initial detection and analysis of the threat indefinitely, which allows attackers to hit even more victims during this time.

Additional ways to distribute NiceRAT include using a botnet consisting of infected computers controlled remotely via the NanoCore RAT trojan.

NiceRAT is an actively developed open-source malware written in Python. It can detect debugging and execution inside virtual machines, and it creates tasks in the scheduler to maintain persistence.

The malware collects the victim's IP address and computer location, then combs installed browsers and the entire operating system for other valuable data, such as cryptocurrency wallet credentials, and sends all of it to the attackers through Discord servers.

The first version of NiceRAT was released on April 17, 2024; the current version is 1.1.0. The developer also offers a premium version, which indicates the use of the "malware as a service" (MaaS) model.

Users should exercise extreme caution and vigilance when running any programs downloaded from file sharing sites, blogs, or other unreliable sources. If the system is already infected, install antivirus software and remove any suspicious entries from the Windows Task Scheduler.
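One way to shortlist Task Scheduler entries for that cleanup, added here as an example and not taken from the ASEC report or from NiceRAT's code. It assumes the tasks were exported with `schtasks /query /fo csv /v` on an English-locale Windows system; the sample rows and the two heuristics are constructed for illustration and are not published NiceRAT indicators.

```python
import csv
import io
import re

# Constructed sample in the shape of `schtasks /query /fo csv /v` output
# (English-locale column names, trimmed to the three columns used here).
SAMPLE = r'''"TaskName","Author","Task To Run"
"\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -o"
"\GoogleUpdateTaskMachineCore","Google","C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"
"TaskName","Author","Task To Run"
"\WinSvcHelper","DESKTOP-01\user","C:\Users\user\AppData\Roaming\svc\helper.exe"
"\Updater","N/A","pythonw.exe C:\ProgramData\upd\run.pyw"
'''

# Heuristics chosen for this example (assumptions, not NiceRAT indicators).
USER_WRITABLE = re.compile(
    r'\\(appdata|temp|downloads|users\\public|programdata)\\', re.I)
INTERPRETER = re.compile(
    r'(^|[\\\s"])(pythonw?|powershell|wscript|cscript|mshta)(\.exe)?([\s"]|$)', re.I)


def triage_tasks(csv_text):
    """Return (task_name, reasons) for tasks that deserve manual review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, action = row["TaskName"], row["Task To Run"] or ""
        if name == "TaskName":      # schtasks can repeat the header per folder
            continue
        if name.lower().startswith("\\microsoft\\"):
            continue                # built-in task tree; review it separately
        reasons = []
        if USER_WRITABLE.search(action):
            reasons.append("runs from user-writable path")
        if INTERPRETER.search(action):
            reasons.append("launches script interpreter")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage_tasks(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```

A hit is only a candidate for review: confirm the task's action and author before deleting it, since legitimate software also schedules tasks from these locations.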
 