RAT Malware Spreading In Korea Through Webhards and Torrents

An ongoing malware distribution campaign targeting South Korea is disguising RATs (remote access trojans) as an adult game shared via webhards and torrents.

The attackers are using easily obtainable malware such as njRAT and UDP RAT, wrap them in a package that appears like a game or other program, and then upload them on webhards.

Also Read: PDPA For Companies: Compliance Guide For Singapore Business

WebHard is a popular online storage service in Korea, preferred mainly for the convenience of direct downloads.

In this case, the malware adds a Registry key to ensure a periodical connection to the C2 server, keeping the possibility of fetching more payloads open.

Actors have employed various tricks to convince people to download njRATs on their systems, but file hosting services and torrents remain a stable source of trouble.

Webhards are typically unregulated spaces, with no one checking what users upload and share with others on the platform, so whenever you’re pointed to one, be very careful.

Also Read: 10 Government Data Leaks In Singapore: Prevent Cybersecurity

ASEC warned about this risk again in June, when actors distributed yet another commodity malware disguised as a platformer game named ‘Lost Ruins’.

That package also had the capacity to run both the game and the malware simultaneously, making it a lot harder to realize the infection.