The group behind a sophisticated remote access Trojan, SilverRAT, has links to both Turkey and Syria and plans to release an updated version of the tool to allow control over compromised Windows systems and Android devices.
According to a threat analysis published on Jan. 3, SilverRAT v1 - which currently works only on Windows systems - allows the building of malware for keylogging and ransomware attacks, and includes destructive features, such as the ability to delete system restore points, researchers from Singapore-based Cyfirma stated in their analysis.
SilverRAT Builder Allows Various Features SilverRAT shows that the region's cybercriminal groups are becoming more sophisticated, according to Cyfirma's analysis.
The first version of SilverRAT, whose source code was leaked by unknown actors in October, consists of a builder that allows the user to construct a remote access Trojan with specific features.
The more interesting features, according to Cyfirma's analysis, include using either an IP address or webpage for command and control, bypasses for antivirus software, the ability to erase system restore points, and the delayed execution of payloads.
The hackers operate on Telegram and through online forums where they sell malware-as-a-service, distribute cracked RATs from other developers, and offer a variety of other services.
They have a blog and website called Anonymous Arabic.
Starting From Forums The group behind the malware, dubbed Anonymous Arabic, is active on Middle Eastern forums, such as Turkhackteam, 1877, and at least one Russian forum.
In addition to the development of SilverRAT, the group's developers offer a distributed denial-of-service attacks on demand, says Koushik Pal, a threat researcher with the CYFIRMA Research team.
While the Middle East threat landscape has been dominated by the state-run and state-sponsored hacking groups in Iran and Israel, homegrown groups such as Anonymous Arabic continue to dominate the cybercrime markets.
The ongoing development of tools such as SilverRAT highlight the dynamic nature of the underground markets in the region.
Hacking groups in the Middle East tend to be quite varied, says Sarah Jones, a cyber threat intelligence research analyst at managed detection and response firm Critical Start, who cautioned that individual hacking groups are constantly evolving and generalizing their characteristics can be problematic.
A Gateway Through Game Hacks Of the identified members of the Anonymous Arabic group, at least one is a former game hacker, according to data gathered by researchers at Cyfirma, including the Facebook profile, YouTube channel, and social-media posts of one of the hackers - a man in his early 20s who lives in Damascus, Syria, and started hacking as a teenager.
The profile of young hackers who cut their teeth on finding exploits for games transcends the hacking community in the Middle East.
Teenagers starting their hacking careers by creating gaming hacks or launching denial-of-service attacks against game systems has become a trend.
Arion Kurtaj, a member of the Lapsus$ group, started as a Minecraft hacker and later moved on to hacking targets such as Microsoft, Nvidia, and game maker Rockstar.
The US Department of Homeland Security's Cyber Safety Review Board, which conducts post-mortem analysis of major hacks, identified the continuing pipeline from juvenile hackers to cybercriminal enterprises as a existential danger.
Young programmers and technology-savvy teenagers often find other ways into the cybercriminal fold as well, says Critical Start's Jones.
This Cyber News was published on www.darkreading.com. Publication date: Fri, 05 Jan 2024 19:25:04 +0000