2025-01-30 09:08:21 Pacfic
Fake Malware Builder Backdoors 18000 Users - 2d
A sophisticated cyberattack has successfully targeted low-skilled hackers, often referred to as "script kiddies," by using a modified version of the XWorm RAT builder. This fake builder, disguised as a tool for penetration testing, secretly infects the user's systems with a backdoor. This allowed the attacker to compromise over 18,000 devices worldwide. The malware was distributed via various channels including file-sharing services, Github repositories, Telegram channels, and even Youtube. Once installed, the malicious software exfiltrated sensitive data such as browser credentials, Discord tokens, Telegram data, and system information.
The campaign highlights the risks faced even by those attempting to engage in hacking activities. Threat actors, using aliases such as “@shinyenigma” and “@milleniumrat", have taken advantage of the eagerness of these individuals to download and utilize tools from online tutorials. The infected machines are located in Russia, the United States, India, Ukraine, and Turkey. The malicious tool utilizes Telegram for its command and control, using bot tokens and Telegram API calls. Security researchers have identified a kill switch to disrupt operations on active devices, though this is limited by offline machines and rate limiting mechanisms.
ImgSrc: www.bleepstatic.com
References:
- www.bleepingcomputer.com - A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers - 2d
- @campuscodi.risky.biz - Catalin Cimpanu - Over 18,000 users infected themselves with a backdoor after they downloaded a cracked malware builder - 2d
- hackread.com - Hackers Use XWorm RAT to Exploit Script Kiddies, Pwning 18,000 Devices - 2d
- www.cloudsek.com - Over 18,000 users infected themselves with a backdoor after they downloaded a cracked malware builder - 2d
- Cyber Security News - Weaponized XWorm RAT Builder Targeting Script Kiddies to Extract Sensitive Data - 2d
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices - 2d
- cyberpress.org - Weaponized XWorm RAT Builder Targeting Script Kiddies to Extract Sensitive Data - 2d
- gbhackers.com - Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices - 2d
- SCM feed for Threat Management - XWorm RAT builder leveraged for widespread device compromise - 1d
Classification:
- HashTags: MalwareBuilder ScriptKiddies CyberAttack
- Company: Script Kiddies
- Target: Script Kiddies
- Product: Fake Malware Builder
- Feature: Backdoor
- Type: Malware
- Severity: Major