NiceRAT Malware Targets South Korean Users via Cracked Software

June 17, 2024 at 01:36AM

Threat actors are deploying the NiceRAT malware to create a botnet, targeting South Korean users by disguising the malware as cracked software. The malware is distributed via crack programs and infected devices, making detection difficult. NiceRAT is an actively developed open-source RAT and stealer malware, offering a premium version under the malware-as-a-service model. This development follows the resurgence of the Bondnet cryptocurrency mining botnet.

Key takeaways:

– Threat actors are using a malware called NiceRAT to infect devices and form a botnet, primarily targeting South Korean users under the guise of cracked software and license verification tools for Microsoft products.
– The malware uses various distribution methods, including leveraging cracked programs and botnets comprising zombie computers infiltrated by a remote access trojan (RAT) known as NanoCore RAT.
– NiceRAT is an actively developed open-source RAT and stealer malware written in Python, utilizing a Discord Webhook for command-and-control (C2) to extract sensitive information from compromised hosts.
– The malware was first released on April 17, 2024, and is also available as a premium version, suggesting it follows the malware-as-a-service (MaaS) model.
– Additionally, a cryptocurrency mining botnet known as Bondnet has resurfaced, utilizing high-performance miner bots as C2 servers with a modified version of a legitimate tool called Fast Reverse Proxy (FRP).
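
One way to hunt for the Discord webhook C2 channel described above, as an added example that is not part of the original report. The log format, the process allowlist, and every sample line (hosts, process names, webhook IDs, tokens) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Discord webhook endpoints: /api/webhooks/<numeric id>/<token>, optionally versioned (/api/v10/...).
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/(\d+)/[\w-]+", re.ASCII)
DISCORD_DOMAINS = ("discord.com", "discordapp.com")
# Assumption: the only processes expected to talk to Discord in this environment.
EXPECTED_PROCESSES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample proxy log. Assumed fields: time host process method url bytes_out
SAMPLE_LOG = """\
2024-06-17T01:02:03Z WS-014 chrome.exe GET https://discord.com/channels/@me 512
2024-06-17T01:05:41Z WS-022 python.exe POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-token_A 48211
2024-06-17T01:05:59Z WS-022 python.exe POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-token_A 1033982
2024-06-17T01:07:10Z WS-031 setup_crack.exe POST https://discordapp.com/api/v10/webhooks/222222222222222222/EXAMPLE-token_B 9120
2024-06-17T01:09:00Z WS-014 discord.exe POST https://discord.com/api/webhooks/333333333333333333/EXAMPLE-token_C 200
malformed line
"""

def is_discord_host(hostname):
    hostname = (hostname or "").lower()
    return any(hostname == d or hostname.endswith("." + d) for d in DISCORD_DOMAINS)

def find_webhook_posts(log_text, expected=EXPECTED_PROCESSES):
    """Return {(host, process, webhook_id): [post_count, bytes_out]} for unexpected webhook POSTs."""
    hits = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip lines that do not match the assumed format
        _, host, process, method, url, sent = parts
        target = urlsplit(url)
        match = WEBHOOK_PATH.match(target.path)
        if method != "POST" or not match or not is_discord_host(target.hostname):
            continue
        if process.lower() in expected:
            continue  # browsers and the Discord client are expected to reach Discord
        entry = hits[(host, process, match.group(1))]  # keep the id, never log the secret token
        entry[0] += 1
        entry[1] += int(sent)
    return dict(hits)

if __name__ == "__main__":
    for (host, proc, wid), (count, sent) in sorted(find_webhook_posts(SAMPLE_LOG).items()):
        print(f"{host} {proc} webhook={wid} posts={count} bytes_out={sent}")
```

The allowlist is the tuning point: legitimate automation that posts to webhooks (CI jobs, monitoring scripts) should be added by process and host rather than by excluding Discord traffic as a whole.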
