5
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
Hackers have turned on themselves according to a newly discovered malware campaign that suggests that they have become the targets of other hackers who have begun repackaging popular hacking tools with malware.The multi-year campaign was first discovered by the VP of security strategy and principal researcher at Cybereason, Amit Serper who found that hackers have begun modifying existing hacking tools by injecting a powerful remote-access trojan into them.
When these modified tools are opened, they give hackers full access to the target's computer.According to Serper, the attackers have made it quite easy to spread their repackaged tools by posting them on popular hacking forums.However, these repackaged tools not only give hackers access to a target's computer but they also open a backdoor to their systems which allows the attackers to utilize any other computer or network that they have already breached.During his investigation of the campaign, Serper found that the hackers behind these attacks are injecting and repackaging hacking tools with the njRat trojan.
This trojan gives the attacker full access to a target's desktop as well as to their files, passwords webcams and microphones.njRat has been around since 2013 and it has been used frequently against targets in the Middle East.
It is often spread through phishing emails and infected flash drives but recently hackers have begun to inject the malware on dormant or insecure websites to avoid being detected.Hackers are once again using this technique to spread njRat and according to Serper, they have compromised several websites to host hundreds of njRat malware samples.
In a blog post, he provided further details on this latest campaign and his investigation into the matter, saying:This investigation surfaced almost 1000 njRat samples compiled and built on almost a daily basis.
It is safe to assume that many individuals have been infected by this campaign (although at the moment we are unable to know exactly how many).
This campaign ultimately gives threat actors complete access to the target machine, so they can use it for anything from conducting DDoS attacks to stealing sensitive data off the machine.
It is clear the threat actors behind this campaign are using multiple servers, some of which appear to be hacked WordPress blogs.
Others appear to be the infrastructure owned by the threat group, judging by multiple hostnames, DNS data, etc.As this campaign has already operated for years, it will likely continue to do so while giving hackers a taste of their own medicine.Via TechCrunch
