Cybereason‘s Nocturnus Research Team is investigating a campaign where cybercriminals are trojanising multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine. The threat actors behind this campaign are posting malware, embedded inside various hacking tools, and cracks for those tools on several websites. Once the files are downloaded and opened, the attackers are able to completely take over the victim’s machine.

In this new piece of research, Cybereason presents its analysis of the TTPs of the attackers, and the indicators of compromise. In the investigation of this campaign, Cybereason has found hundreds of trojanised files and a lot of information about the threat actors infrastructure.

KEY POINTS