INSUBCONTINENT EXCLUSIVE:
Hackers have turned on themselves, according to a newly discovered malware campaign in which hackers have become the targets of other hackers, who have begun repackaging popular hacking tools with malware.

The multi-year campaign was first discovered by Amit Serper, VP of security strategy and principal researcher at Cybereason, who found that hackers have begun modifying existing hacking tools by injecting a powerful remote-access trojan into them. When these modified tools are opened, they give hackers full access to the target's computer.

According to Serper, the attackers have made it quite easy to spread their repackaged tools by posting them on popular hacking forums.

However, these repackaged tools not only give hackers access to a target's computer, they also open a backdoor to the target's systems, which allows the attackers to use any other computer or network that the target has already breached.

During his investigation of the campaign, Serper found that the hackers behind these attacks are injecting and repackaging hacking tools with the njRat trojan. This trojan gives the attacker full access to a target's desktop as well as to their files, passwords, webcams and microphones.

njRat has been around since 2013 and has been used frequently against targets in the Middle East. It is often spread through phishing emails and infected flash drives, but recently hackers have begun to inject the malware on dormant or insecure websites to avoid being detected.

Hackers are once again using this technique to spread njRat and, according to Serper, they have compromised several websites to host hundreds of njRat malware samples
surfaced almost 1000 njRat samples compiled and built on almost a daily basis. It is safe to assume that many individuals have been infected by this campaign (although at the moment we are unable to know exactly how
This campaign ultimately gives threat actors complete access to the target machine, so they can use it for anything from conducting DDoS attacks to stealing sensitive data off the machine. It is clear the threat actors behind this campaign are using multiple servers, some of which appear to be hacked WordPress blogs.
operated for years, it will likely continue to do so while giving hackers a taste of their own medicine.

Via TechCrunch