The malware reportedly uses techniques similar to those observed in earlier RAT families, including process injection, reflective DLL injection, and single-byte XOR encoding to obfuscate both its network communications and its embedded strings, which makes detection significantly harder for security products. The malware, identified in a repository allegedly created by a user named “Haerkasmisk,” gives attackers an extensive toolkit that can evade modern antivirus and Endpoint Detection and Response (EDR) solutions through multiple obfuscation techniques resembling those seen in previously documented malware families.

According to a Cyberfeeddigest post shared on X, the RAT includes a hidden browser function that lets attackers carry out web activity through the victim’s machine without detection, and a Hidden Virtual Network Computing (HVNC) capability that creates an invisible desktop session for stealthy remote control.

Security researchers noted that the malware may use the vulnerability CVE-2014-0322 or similar exploits as an initial infection vector, though the specific delivery mechanisms remain under investigation. Like the previously documented Sakula malware family identified by Dell SecureWorks researchers, it most likely uses HTTP GET and POST requests for command and control (C2) communications.

As threat actors increasingly rely on publicly available offensive security tools, the growing sophistication of RATs like Sakura highlights the critical importance of multi-layered security defenses. According to researchers examining GitHub’s “antivirus-evasion” topic, numerous frameworks such as Veil, Chimera, and Process Herpaderping are openly accessible, contributing to the proliferation of evasive malware.
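The single-byte XOR encoding described above is weak against analysis: with only 256 possible keys, an analyst can try every key on a captured blob and keep the one whose output looks like text or like the plain HTTP GET/POST traffic the article says sits underneath. The following is an added example, not code from the article or from the repository it describes; the sample blob is constructed here by encoding a made-up beacon with the hypothetical key 0x5A, and the marker strings and scoring heuristic are assumptions.

```python
"""Recover a single-byte XOR key from an obfuscated string or C2 blob.

Added example (not from the article or any analysed sample). Strategy:
try all 256 keys, score each candidate plaintext by how printable it is,
and add a bonus when a known-plaintext marker (an HTTP request line)
appears, since the article says the C2 channel is plain HTTP GET/POST.
"""

import string

PRINTABLE = set(string.printable.encode())
HTTP_MARKERS = (b"GET ", b"POST ", b"HTTP/1.")  # assumed known plaintext


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR every byte with the same key; XOR is its own inverse."""
    return bytes(b ^ key for b in data)


def score_candidate(plain: bytes) -> float:
    """Higher is better: fraction of printable bytes plus an HTTP-marker bonus."""
    printable = sum(1 for b in plain if b in PRINTABLE) / max(len(plain), 1)
    bonus = 1.0 if any(m in plain for m in HTTP_MARKERS) else 0.0
    return printable + bonus


def recover_key(blob: bytes) -> tuple[int, bytes]:
    """Brute-force all 256 keys; return (key, decoded) for the best score."""
    best_key, best_plain, best_score = 0, blob, -1.0
    for key in range(256):
        plain = xor_single_byte(blob, key)
        s = score_candidate(plain)
        if s > best_score:
            best_key, best_plain, best_score = key, plain, s
    return best_key, best_plain


# Constructed sample: a fake beacon encoded with the hypothetical key 0x5A.
# The host name and path are placeholders, not indicators from any report.
SAMPLE_REQUEST = b"POST /gate.php HTTP/1.1\r\nHost: example.invalid\r\n\r\nid=1"
SAMPLE_BLOB = xor_single_byte(SAMPLE_REQUEST, 0x5A)

if __name__ == "__main__":
    key, plain = recover_key(SAMPLE_BLOB)
    print(f"recovered key = 0x{key:02x}")
    print(plain.decode("ascii", errors="replace"))
```

The same loop works on XOR-obfuscated embedded strings pulled from a sample; swap the HTTP markers for strings you expect in that context (file paths, registry keys, user-agent fragments).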
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 07 Apr 2025 09:45:09 +0000