A new discovery suggests that hackers are themselves the targets of other hackers, who are infecting and repackaging popular hacking tools with malware.
Cybereason's Amit Serper found that the attackers in this years-long campaign are taking existing hacking tools, several of which are designed to exfiltrate data from a database, and injecting a powerful remote-access trojan. When a tool is opened, the hackers gain full access to the target's computer.
Attackers bait hackers by repackaging tools
Serper said the attackers are "baiting" other hackers by posting the repackaged tools on hacking forums.
But it's not only a case of hackers targeting other hackers, Serper told TechCrunch. Serper said these maliciously repackaged tools have already been breached.
Serper explained that if the targeted hackers are using these trojanized tools, whoever is hacking the hackers will have access to your assets as well. That, according to Serper, includes offensive security researchers working on red team engagements.
Serper found that these attackers are injecting njRat, an active trojan, into the hacking tools and repackaging them. The trojan gives the attacker complete access to the target's desktop, including files, passwords, and access to their webcam and microphone.
Thousands of trojanized hacking tools, going back years
The trojan dates back to as early as 2013, when it was frequently used in the Middle East. NjRat usually spreads via phishing emails and infected flash drives. More recently, however, hackers have injected the malware on dormant or insecure websites in an effort to evade detection. In 2017, hackers used the same tactic to host malware on the website for the so-called Islamic State's propaganda unit.
Serper found the attackers were using that same website-hacking technique to host njRat in this most recent campaign.
The attackers compromised several websites in addition to the infrastructure they use to command and control the malware. Serper said that the process of injecting the njRat trojan into the hacking tools happens almost daily and might be automated. He suggested that the attacks are mainly run without direct human interaction.
Suspected Vietnamese mastermind
According to Serper, most of the trojanized apps the Cybereason crew analyzed had been configured to phone back to one in every domains.
The most used domain, according to Serper, was registered with the credentials of a Vietnamese individual. Serper added that the trojanized hacking tools had been uploaded from a Vietnamese IP address.
According to Serper, the hacker group seems to test its malware samples for detection before deploying them on hacking forums, their blogs, and elsewhere.
However, the use of a Vietnamese IP address for VirusTotal uploads, in connection with the domain details, is a strong indicator that the group is very likely based in the country, Cybereason stated.
An Old Tactic
All in all, the group's tactics are not new, per se. Other hackers have had the idea of taking shortcuts in their careers by putting backdoors in hacking tools that they later posted for free.
A 2016 Proofpoint report also found a large collection of backdoored phishing kits being advertised via YouTube videos. The phishing kits sent copies of the phished data back to their original authors.
The tactic is quite common and is a simple way of gaining access to hacked data without doing any extensive hacking. The idea is to let other hackers download the hacking tool and spend weeks collecting data, and then steal that information using a backdoor.