- Aug 17, 2014
- 11,114
The builder kit of a remote access Trojan (RAT) that was initially spotted in early 2017 contains a backdoored module, Zscaler reports.
Dubbed Cobian and monitored since February this year, the RAT shows similarities to the njRAT/H-Worm family of threats, which has been around since 2013. Both the Cobian RAT control panel and features are similar to those of njRAT and H-Worm, the security researchers say.
Cobian RAT’s builder was seen advertised on multiple underground forums, where it was being offered for free. Apparently, the reason for this was simple: the builder kit includes a backdoor module designed to retrieve command and control (C&C) information from a predetermined URL controlled by the original author.
Because of this setup, the malware developer gains control of the infected systems, while relying on second-level operators to build and spread the RAT. The backdoor module provides the original malware author with full control over the systems infected with Cobian RAT and also allows it to modify the C&C server information configured by the second-level operators.
Full article: Backdoored RAT Builder Kit Offered for Free | SecurityWeek.Com
Dubbed Cobian and monitored since February this year, the RAT shows similarities to the njRAT/H-Worm family of threats, which has been around since 2013. Both the Cobian RAT control panel and features are similar to those of njRAT and H-Worm, the security researchers say.
Cobian RAT’s builder was seen advertised on multiple underground forums, where it was being offered for free. Apparently, the reason for this was simple: the builder kit includes a backdoor module designed to retrieve command and control (C&C) information from a predetermined URL controlled by the original author.
Because of this setup, the malware developer gains control of the infected systems, while relying on second-level operators to build and spread the RAT. The backdoor module provides the original malware author with full control over the systems infected with Cobian RAT and also allows it to modify the C&C server information configured by the second-level operators.
Full article: Backdoored RAT Builder Kit Offered for Free | SecurityWeek.Com
