WogRAT Malware Alert: Hackers Abuse Online Notepad to Trigger Malicious Code

The next time you download a notepad app, be careful: it could be a malware-ridden platform.

A newly discovered malware, dubbed 'WogRAT,' has emerged as a threat targeting both Windows and Linux operating systems. This malicious software utilizes an online notepad platform called "aNotepad" as a clandestine channel for storing and retrieving its harmful code.

WogRAT Malware Has Been Active Since 2022

Researchers at AhnLab Security Intelligence Center (ASEC) identified the "WingOfGod" malware, which has been active since late 2022.

According to cybersecurity experts, the notorious WogRAT malware has been targeting Asian countries, including China, Hong Kong, Singapore, and Japan.

Distribution Methods

While the exact distribution methods remain undisclosed, the malware is likely disseminated through malvertising or similar deceptive techniques. The executables associated with WogRAT bear names resembling popular software titles, aiding in their camouflage during distribution.

Exploiting Online Notepads

A notable aspect of WogRAT's operation is its exploitation of "aNotepad," an online notepad platform. The malware is hosted on aNotepad as a base64-encoded .NET binary disguised as an Adobe tool.

What's more, the malware has proven elusive: because legitimate online services like aNotepad are not typically flagged by security tools, it can easily evade suspicion.

Malware Functionality

Upon execution, WogRAT initially appears benign and may evade detection by antivirus software. However, it contains encrypted source code for a malware downloader, which retrieves a malicious .NET binary from aNotepad. This binary serves as the WogRAT backdoor, enabling communication with a command and control (C2) server.
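A defender can check text fetched from a notepad or paste service for the kind of payload described above, a base64-encoded .NET binary. The following Python is an added example, not code from the article or from ASEC's report; the function names, the 200-character run threshold and the sample input are assumptions made for illustration.

```python
import base64
import re
import struct

# Long unbroken base64 runs; 200 chars is an assumed threshold, tune for your data.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

def classify_pe(blob: bytes):
    """Return None if blob is not a PE image, else 'dotnet' or 'native'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
    if len(blob) < opt + 2:
        return "native"
    (magic,) = struct.unpack_from("<H", blob, opt)
    dirs = opt + (112 if magic == 0x20B else 96)   # PE32+ vs PE32 data directories
    clr = dirs + 14 * 8                      # entry 14 = CLR runtime header
    if len(blob) < clr + 8:
        return "native"
    rva, size = struct.unpack_from("<II", blob, clr)
    return "dotnet" if rva and size else "native"

def scan_text(text: str):
    """Return (offset, kind) for each base64 run that decodes to a PE image."""
    hits = []
    for m in B64_RUN.finditer(text):
        run = m.group(0).rstrip("=")
        run = run[: len(run) - len(run) % 4]   # trim to a decodable length
        kind = classify_pe(base64.b64decode(run))
        if kind:
            hits.append((m.start(), kind))
    return hits

def constructed_sample() -> str:
    """Constructed test input: header-only fake .NET PE, base64 in a note body."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)  # CLR directory
    pe = dos + b"PE\0\0" + bytes(20) + bytes(opt)
    return "note title\n" + base64.b64encode(pe).decode() + "\nfooter"

if __name__ == "__main__":
    print(scan_text(constructed_sample()))
```

The same check can be run over proxy-captured response bodies or saved page content; a hit on a notepad-style service fetched by a non-browser process is worth triage.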

Supported Functions

Bleeping Computer reports that WogRAT supports five primary functions, which are the following:

  • Executing commands
  • Downloading files from specified URLs
  • Uploading specified files to the C2 server
  • Waiting for a specified duration
  • Terminating operations

WogRAT Has a Linux Variant

In addition to targeting Windows systems, WogRAT also has a Linux variant distributed in ELF form. This version utilizes Tiny Shell for routing operations and employs additional encryption in its communication with the C2 server.

Unlike the Windows variant, the Linux version does not abuse aNotepad for hosting malicious code.

While WogRAT's distribution methods remain uncertain, its emergence poses a significant threat to Windows and Linux users. By exploiting online notepads and employing sophisticated techniques, this malware underscores the importance of robust cybersecurity measures.

For further details and indicators of compromise (IoCs), refer to ASEC's comprehensive report on WogRAT.

In other tech news, Tech Times reported that Meta was hit by a sudden outage on Tuesday, March 5.

At the time, Threads, Instagram, Facebook, and Messenger users noticed that their accounts were suddenly logged out even though they had not done anything.

On Twitter, which is now X, Meta posted that the services had been restored as of 2:22 AM, March 6. The company apologized for any inconvenience the outage may have caused.


ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.