RAT Malware Spreading In Korea Through Webhards and Torrents
An ongoing malware distribution campaign targeting South Korea is disguising RATs (remote access trojans) as an adult game shared via webhards and torrents.
The attackers take easily obtainable malware such as njRAT and UDP RAT, wrap it in a package that looks like a game or other program, and then upload it to webhards.
WebHard is a popular online storage service in Korea, preferred mainly for the convenience of direct downloads.
In this case, the malware adds a Registry key to ensure a periodic connection to the C2 server, which keeps open the possibility of fetching more payloads.
Actors have employed various tricks to convince people to download njRATs on their systems, but file hosting services and torrents remain a stable source of trouble.
Webhards are typically unregulated spaces, with no one checking what users upload and share with others on the platform, so whenever you’re pointed to one, be very careful.
ASEC warned about this risk again in June, when actors distributed yet another commodity malware disguised as a platformer game named ‘Lost Ruins’.
That package also had the capacity to run both the game and the malware simultaneously, making the infection a lot harder to notice.