The source code of a remote access trojan (RAT) dubbed 'CodeRAT' has been leaked on GitHub attacks after malware analysts confronted the developer about that used the tool.
The malicious operation, which appears to originate from Iran, targeted Farsi-speaking software developers with a Word document that included a Microsoft Dynamic Data Exchange (DDE) exploit.
The exploit downloads and executes CodeRAT from the threat actor's GitHub repository, giving the remote operator a broad range of post-infection capabilities.
More specifically, CodeRAT supports about 50 commands and comes with extensive monitoring capabilities targeting webmail, Microsoft Office documents, databases, social network platforms, integrated development environment (IDEs) for Windows Android, and even individual websites like PayPal.
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
