ReverseRAT 2.0 Uses Nightfury Agent to Target New Victims

silversurfer

ReverseRAT, a remote access trojan used in major attack projects targeting organizations in South and Central Asia, has received prominent modifications to its capabilities. Dubbed ReverseRAT 2.0 by Black Lotus researchers, the new variant is being used alongside a new agent called NightFury.

ReverseRAT 2.0 shows more intrusive capabilities

According to researchers, ReverseRAT 2.0 differs from its predecessors in three main ways.
  • First, it relies on NightFury instead of AllaKore, an open-source RAT that was used in the previous iteration.
  • Second, the new variant leverages new functionalities and modified command calls related to creating, listing, and deleting registry keys.
  • Third, ReverseRAT 2.0 adds new capabilities to capture photos via webcams from infected machines and to steal files from USB connections.
  • In addition to these, researchers spotted an updated version of the preBotHta loader file that helps threat actors to bypass antivirus products.

Other key points

  • The new ReverseRAT 2.0 appears to have targeted organizations in Afghanistan, with a handful in Jordan, India, and Iran.
  • Other data collected by the trojan includes the MAC address, physical memory on the device, information about the processor, computer name, and IP address.
 
