remote access tool | Breaking Cybersecurity News | The Hacker News

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities from data theft to device manipulation," Check Point said in an analysis published last week. It boasts a wide range of features, such as the ability to wipe SD cards, delete call logs, siphon notifications, and even act as ransomware. The use of Rafel RAT by DoNot Team (aka APT-C-35, Brainworm, and Origami Elephant) was previously highlighted by the Israeli cybersecurity company in cyber attacks that leveraged a design flaw in Foxit PDF Reader to trick users into downloading malicious payloads. The campaign, which took place in April 2024, is said to have utilized military-them

As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named ' Mouse Trap, ' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration." Remote Mouse is a remote control application for Android and iOS that turns mobile phones and tablets into a wireless mouse, keyboard, and trackpad for computers, with support for voice typing, adjusting computer volume, and switching between applications with the help of a Remote Mouse server installed on the machine. The Android app alone has been installed over 10 million times. In a nutshell, the issues, which were identified by analysing the packets sent from the Android app to its Windows ser

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Hackers with suspected ties to Iran are actively targeting academia, government agencies, and tourism entities in the Middle East and neighboring regions as part of an espionage campaign aimed at data theft. Dubbed "Earth Vetala" by Trend Micro, the latest finding expands on previous research  published by Anomali  last month, which found evidence of malicious activity aimed at UAE and Kuwait government agencies by exploiting ScreenConnect remote management tool.  The cybersecurity firm linked the ongoing attacks with moderate confidence to a threat actor widely tracked as  MuddyWater , an Iranian hacker group known for its offensives primarily against Middle Eastern nations. Earth Vetala is said to have leveraged spear-phishing emails containing embedded links to a popular file-sharing service called Onehub to distribute malware that ranged from password dumping utilities to custom backdoors, before initiating communications with a command-and-control (C2) server to exe

Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan (RAT) to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware Scan Interface ( AMSI ) in an attempt to defeat endpoint protection software, it also employs a multi-stage installation process and makes use of Tor and Telegram messaging API to communicate with a command-and-control (C2) server. Cybersecurity firm Sophos , which observed two versions of Agent Tesla — version 2 and version 3 — currently in the wild, said the changes are yet another sign of Agent Tesla's constant evolution designed to make a sandbox and static analysis more difficult. "The differences we see between v2 and v3 of Agent Tesla appear to be focused on improving the success rate of the malware against sandbox defenses and malware scanners, and on providing more

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537 , both flaws reside in the Remote Access Service (RAS) in a way it manages memory and file operations and could let remote attackers gain elevated privileges after successful exploitation. In brief, the Remote Access Service functionality of the Windows operating system allows remote clients to connect to the server and access internal resources from anywhere via the Internet. A patch for both vulnerabilities was first released on August 11 with the batch of August Patch Tuesday updates, but it was for Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004 systems. A week later, yesterday, on August 19, the company announced that Windows 8.1 and Windows Server 2012 R2 systems are vulner

The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other, and collaborating at work. There are several trends taking place as a consequence of the outbreak, which has only continued to heighten the need for the tightest possible cybersecurity. Tools for Collaboration There has been a massive spike in the adoption of Tools for Collaboration as a consequence of COVID-19. Concerns about the coronavirus have caused an enormous increase in remote working, with many organizations requiring or at least encouraging their workers to stay at home—especially when cities, states, and even some entire nations are ultimately into lock down in a bid to spread the stem of the disease. Meanwhile, with millions working from home for many weeks now, there has been a spike in the video conferencing and online collaboration software, many of which are fortunately entirely free, allowing orga

As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake "Zoom" domains and malicious "Zoom" executable files in an attempt to trick people into downloading malware on their devices. According to a report published by Check Point and shared with The Hacker News, over 1,700 new "Zoom" domains have been registered since the onset of the pandemic, with 25 percent of the domains registered in the past seven days alone. "We see a sharp rise in the number of 'Zoom' domains being registered, especially in the last week," said Omer Dembinsky, Manager of Cyber Research at Check Point . "The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure,

In a coordinated International law enforcement operation, Europol today announced to shut down the global organized cybercrime network behind Imminent Monitor RAT , yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely. The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sale website of the Imminent Monitor have also been seized as part of this operation, making the Trojan unusable for those who already bought it, as well as unavailable for the new users. Promoted as a legitimate remote administration framework, the hacking tool was widely used to unauthorisedly access targeted users' computers and steal their login credentials for online banking and other financial accounts. According to Europol's press release , aut

A 21-year-old Kentucky man who previously pleaded guilty to developing, marketing, and selling an infamous remote access trojan (RAT) called LuminosityLink has now been sentenced to 30 months in prison. According to a press release published Monday by U.S. Attorney's Office, Colton Grubbs, who used online moniker 'KFC Watermelon,' was pleaded guilty for three counts--unlawfully accessing computers in furtherance of a criminal act, money laundering, and illegal removal of property to prevent its lawful seizure. First surfaced in April 2015, the  LuminosityLink RAT  (Remote Access Trojan), also known as Luminosity, was a hacking tool that was sold for $40, marketing itself as a legitimate tool for Windows administrators to "manage a large number of computers concurrently." However, in reality, LuminosityLink was designed to be a dangerous, remote access trojan that among other malicious features, allowed Grubbs' customers to: Record the keys that victims

As it was speculated that the author of LuminosityLink RAT was arrested last year, a plea agreement made available to the public today confirmed the news. Back in September last year, Europol's European Cybercrime Centre (EC3) and National Crime Agency began the crackdown on the LuminosityLink RAT, targeting sellers and users of the malware, which resulted in the seizure of a considerable number of computers and internet accounts across the world, and complete takedown of the threat. Colton Grubbs , a 21-year-old man from Kentucky, the developer of the LumunosityLink RAT has pleaded guilty to federal charges of creating, selling and providing technical support for the malware to his customers, who used it to gain unauthorized access to thousands of computers across 78 countries worldwide. First surfaced in April 2015, the LuminosityLink RAT (Remote Access Trojan), also known as Luminosity, was a hacking tool that was sold for $40, marketing itself as a legitimate tool for Wi

Do you have remote support software TeamViewer installed on your desktop? If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other's PC without permission. TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of other's PC over the Internet from anywhere in the world. For a remote session to work both computers—the client (presenter) and the server (viewer)—must have the software installed, and the client has to share a secret authentication code with the person he wants to share his desktop. However, a GitHub user named "Gellin" has disclosed a vulnerability in TeamViewer that could allow the client (sharing its desktop session) to gain control of the viewer's computer without permission. TeamViewer Hack Could Be Used By Anyone—Server Or Client Gellin has also publishe

Nothing is free in this world. If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a hoax. Last year, we reported about one such Facebook hacking tool that actually had the capability to hack a Facebook account, but yours and not the one you desire to hack. Now, a Remote Access Trojan (RAT) builder kit that was recently spotted on multiple underground hacking forums for free found containing a backdoored module that aims to provide the kit's authors access to all of the victim's data. Dubbed Cobian RAT , the malware has been in circulation since February of this year and has some similarities with the njRAT and H-Worm family of malware, which has been around since at least 2013. According to ThreatLabZ researchers from Zscaler, who discovered the backdoored nature of the malware kit, the "free malware builder" is likely capable of

A few months back we reported how opening a simple MS Word file could compromise your computer using a critical vulnerability in Microsoft Office . The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface for which a patch was issued in April this year, but threat actors are still abusing the flaw through the different mediums. Security researchers have spotted a new malware campaign that is leveraging the same exploit, but for the first time, hidden behind a specially crafted PowerPoint (PPSX) Presentation file. According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider and mainly targets companies involved in the electronics manufacturing industry. Researchers believe this attack involves the use of a sender address disguised as a legitimate ema

A programmer who was arrested in March this year—not because he hacked someone, but because he created and distributed a remote access software that helped cyber criminals—has finally pleaded guilty. Taylor Huddleston , 26, of Hot Springs, Arkansas, pleaded guilty on Tuesday to federal charges of aiding and abetting computer intrusions for intentionally selling a remote access tool (RAT), called NanoCore, to hackers. NanoCore RAT happens to be popular among hackers and has been linked to instructions in at least 10 countries, among them was a high-profile assault on Middle Eastern energy firms in 2015. NanoCore RAT, a $25 piece of remote access software, allows attackers to steal sensitive information from victim computers, such as passwords, emails, and instant messages. The RAT could even secretly activate the webcam on the victims' computers in order to spy on them. Huddleston began developing NanoCore in late 2012, not with any malicious purpose, but with a motive to o

Hackers and cyber criminals are becoming dramatically more adept, innovative, and stealthy with each passing day. While other operating systems are more widely in use, cybercriminals have now shifted from traditional activities to more clandestine techniques that come with limitless attack vectors, support for cross platforms and low detection rates. Security researchers have discovered that infamous Adwind , a popular cross-platform Remote Access Trojan written in Java, has re-emerged and currently being used to "target enterprises in the aerospace industry, with Switzerland, Austria, Ukraine, and the US the most affected countries." Adwind — also known as AlienSpy, Frutas, jFrutas , Unrecom, Sockrat, JSocket, and jRat — has been in development since 2013 and is capable of infecting all the major operating systems, including Windows, Mac, Linux, and Android. Adwind has several malicious capabilities including stealing credentials, keylogging, taking pictures or

A Swedish man who was the mastermind behind the $40 BlackShades Remote Access Tool (RAT) that infected over half a million systems around the world was sentenced to almost five years in a U.S. prison on Tuesday. Alex Yücel , 25, owned and operated an organization called "BlackShades" that sold a sophisticated and notorious form of software, called RAT, to several thousands of hackers and other people in more than 100 countries for prices ranging from $40 to $50. BlackShades malware was designed to capture keystrokes, steal usernames and passwords for victims' email and Web services, FTP clients, instant messaging applications, and lots more. In the worst case, the malicious software even allowed hackers to take remote control of victim's computer and webcam to pilfer photos or videos without the knowledge of the computer owner. Yucel (a.k.a. " marjinz ") was sentenced to four and three-quarter years in prison by U.S. District Judge Kev

Kill Switch - the ability to render devices non-operational to prevent theft - has become a hot topic nowadays. The ability to remotely destroy data of the device lost or stolen has been available for quite some time now, but Kill switch not only remotely destroy the devices' data but also the device itself, making it useless for the thieves. Just last week, Google and Microsoft signed an agreement with the New York Attorney General to add " kill switches " to the upcoming versions of Android and Windows Phone devices, as a part of the " Secure our Smartphones " initiative. But now, the largest chip manufacturer, Intel will soon going to provide Kill Switches for your laptops as well. The company has been working on a project called Wireless Credential Exchange (WCE) with several partners in an effort to bring Kill switch to other mobile devices, including laptops. The project uses RFID technology to provision, track and monitor devices such as lapt

When it comes to crime, whether it's an online or offline, FBI doesn't spare anyone. According to the French media reports and various announcements on underground forums by hacking groups, the FBI has started a large-scale operation of International raids with the help of local law enforcement authorities to arrest a particular group of cyber criminals and Hackers. The FBI has targeted the customers of a popular Remote Administration Tool (RAT) called ' blackshades ', which allows them to connect and manage thousands of remotely infected computers over the Internet. WHAT IS BLACKSHADES RAT?? ' Blackshades ' is a remote administration tool (RAT) which allows an attacker to control several clients from around the world.  Blackshades  malware   is fully equipped with Drive-by attacks, Java exploits, keylogger and it allows an attacker to steal usernames and passwords for email and Web services, instant messaging applications, FTP clients and lots more. In worst