Since 2022, Trend Micro researchers have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor.
Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, Trend Micro unearthed the truth: this backdoor is not merely a variant of existing malware, but is a new type altogether. The researchers suspect it is being used by Chinese-speaking groups engaged in either espionage or cybercrime. We dubbed this formerly undocumented malware as “Noodle RAT.” Noodle RAT, also known as ANGRYREBEL or Nood RAT, is a relatively simple backdoor confirmed to have both Windows (Win.NOODLERAT) and Linux (Linux.NOODLERAT) versions.
Read more…
Source: Trend Micro
Related:
- DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
April 18, 2024
In February 2024, Kaspersky researchers discovered a new malware campaign targeting government entities in the Middle East. They dubbed it “DuneQuixote”; and their investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions – regular droppers and tampered installer files for a legitimate tool named “Total Commander”, ...
- #StopRansomware: Akira Ransomware summary
April 18, 2024
Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines. As of January 1, 2024, the ransomware group has impacted over 250 ...
- SoumniBot: the new Android banker’s unique techniques
April 17, 2024
The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we ...
- ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins
April 8, 2024
Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files. It offers several options to manipulate malware, making it more challenging for antivirus products to detect. FortiGuard Labs recently discovered a ...
- Byakugan – The Malware Behind a Phishing Attack
April 4, 2024
In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. The PDF image shows a blurred table and asks the victim to click the malicious link on the PDF file to see the content. Once the link is clicked, a downloader is downloaded. The downloader drops ...
- LazyStealer: Sophisticated does not mean better
April 4, 2024
In the first quarter of 2024, researchers from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. The research team could not find any links to known groups that used the same techniques. The main goal of the attack was stealing ...