Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
BIOPASS RAT Infects Chinese Gambling Sites
#1
https://news.softpedia.com/news/cybercri...3501.shtml     
BIOPASS RAT Infects Chinese Gambling Sites
Besides PC infection, OBS Studio is used to capture displays
Jul 12, 2021 18:27 GMT  ·  By George Dascalu  ·     

A new malware targets online gambling companies in China using the watering hole attack method of embedding Cobalt Strike beacons into gambling websites. The beacons can be later deployed in the form of a backdoor called BIOPASS RAT, according to The Hacker News.

BIOPASS RAT was initially identified immediately after the malware made its debut on a targeted Chinese online gambling website.So far, we only know it is in development and that it's targeting mostly Chinese online browsers, including 2345 Explorer, QQ Browser, 360 Safe Browser, Sogou Explorer, and WeChat.

The updated malware can deploy either BIOPASS RAT or Cobalt Strike beacons. Both versions are able to record their victims' screens using OBS Studio.By employing BIOPASS, cybercriminals may easily access a variety of spyware features like live streaming on a cloud service through Real-Time Messaging Protocol (RTMP), as well as connecting with a C2 server via Socket.IO.
Cybercriminals disguise the malware in installer packages that look like real software installers

To carry out the attack hackers use malicious loaders masquerading as genuine installers for popular but outdated applications such as Microsoft Silverlight or Adobe Flash Player. As you probably hinted, the malware loader then acts as a conduit for collecting the next-stage payloads. Malicious JavaScript has also been found hidden inside the websites' online help chat pages whose role is to infect users with malware once they have logged in.

Trend Micro research reads "BIOPASS RAT possesses basic features found in other malware, such as file system assessment, remote desktop access, file exfiltration, and shell command execution," [...] "It also has the ability to compromise the private information of its victims by stealing web browser and instant messaging client data."

The identity of the malicious agent is still unknown. Then again, based on Trend Micro research, the malware strain has similarities with that of TTPs, which is often linked with the Winnti Group.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Password recovery tool infects industrial systems with Sality malware tarekma7 0 790 07-17-2022 , 09:32 AM
Last Post: tarekma7
  Microsoft seizes sites used by APT15 Chinese state hackers mrtrout 0 1,148 12-07-2021 , 11:16 AM
Last Post: mrtrout
  Fake Movie File Infects PC to Steal Cryptocurrency, Poison Google Results Mohammad.Poorya 0 1,819 01-15-2019 , 04:45 AM
Last Post: Mohammad.Poorya
  Infected WordPress Sites Are Attacking Other WordPress Sites Mohammad.Poorya 0 1,786 12-08-2018 , 06:00 PM
Last Post: Mohammad.Poorya
  Malware Infects many E-Commerce Websites dhruv2193 0 2,026 09-04-2018 , 01:14 PM
Last Post: dhruv2193



Users browsing this thread: 1 Guest(s)