
New SectopRAT Trojan creates hidden second desktop to control browser sessions

November 21, 2019
in Internet Security

A new Trojan, SectopRAT, has appeared in the wild which is able to launch a hidden secondary desktop to control browser sessions on infected machines. 

The new malware was first spotted by MalwareHunterTeam. In a tweet on 15 November, MalwareHunterTeam said the C# malware, compiled on 13 November, was able to “create [a] hidden desktop and run [a] selected browser there with full control.”

This caught the attention of cybersecurity researchers from G Data, who obtained a second sample, compiled on 14 November and later submitted to VirusTotal.


The first SectopRAT sample is signed by Sectigo RSA Code Signing CA and uses a Flash icon, whereas the second is not signed. Both samples of the Remote Access Trojan (RAT) use arbitrary characters in their names, have write/execute characteristics, and make use of ConfuserEx for obfuscation. 

According to the researchers, the malware contains a RemoteClient.Config class with four configuration variables: IP, retip, filename, and mutexName.

The IP variable relates to the Trojan’s command-and-control (C2) server, whereas the retip variable has been designed to set up new C2 IPs that the server can override using the “set IP” command. 


Filename and mutexName, however, are set but not in active use. 

The hardcoded filename spoolsvc.exe is added to the registry for persistence, a mimicry of the legitimate Microsoft service spoolsv.exe.
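The name mimicry described above lends itself to a simple autorun hunt. The following is an added example, not code from the article or from G Data: it flags autorun image names that are a near miss of a legitimate Windows binary name. The allowlist, the sample entries, their paths, and all function names are assumptions made for illustration.

```python
# Added example: flag autorun image names that imitate Windows system binaries.
import ntpath

# Assumed short allowlist; build the real one from a trusted baseline image.
KNOWN_SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "lsass.exe",
                         "services.exe", "explorer.exe", "csrss.exe"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def image_name(command: str) -> str:
    """Extract the lower-cased executable name from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(" ", 1)[0]  # unquoted: first token only
    return ntpath.basename(path).lower()

def find_lookalikes(autoruns, max_distance=2):
    """Return (entry_name, image, imitated_binary) for near-miss names."""
    hits = []
    for entry_name, command in autoruns:
        image = image_name(command)
        if image in KNOWN_SYSTEM_BINARIES:
            continue  # exact name: verify its path and signature separately
        for legit in sorted(KNOWN_SYSTEM_BINARIES):
            if edit_distance(image, legit) <= max_distance:
                hits.append((entry_name, image, legit))
                break
    return hits

# Constructed sample autorun entries (value name, command); paths are placeholders.
SAMPLE_AUTORUNS = [
    ("Updater", r'"C:\Program Files\Vendor\updater.exe" /background'),
    ("Spooler", r"C:\Users\Public\placeholder\spoolsvc.exe"),
    ("Shell", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_AUTORUNS):
        print("lookalike autorun:", hit)
```

An exact name match is deliberately skipped here, since a correctly named binary still needs its path and signature checked by other means.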

Once connected with its C2, the Trojan can be commanded to either stream an active desktop session or create a secondary one, hardcoded as “sdfsddfg,” which is hidden from view. The researchers say that operators of the malware are able to use the “Init browser” command to initiate a browser session through the secondary desktop. 


Chrome, Firefox or Internet Explorer browser sessions can be launched. The malware is also able to change browser configurations to disable security barriers and sandboxes. However, the browser paths are hardcoded and do not use environment variables.

The malware is also able to send computer information back to the C2, such as the name of the operating system, processor data, core information and RAM available. 


Another command, “Get codec info,” is yet to be implemented. The team believes that the Trojan is not yet complete, as SectopRAT “looks unfinished and in parts hastily done.”

“Despite obvious flaws like using hardcoded paths without environmental variables to access system files, the RAT’s architecture, the use of a second desktop and changes in browser configuration files and parameters show some internal knowledge that is far from a greenhorn,” the researchers say. “It is quite possible that the first samples in the wild are merely for testing.”

Indicators of Compromise (IoCs) can be accessed here. 

Credit: Zdnet
