New Malware Targets Novice Hackers with Sneaky RAT Scheme

Figure: malicious configuration of OpenBullet; malware C2 flow (Source)

A new malware campaign has emerged that uses a malicious configuration of OpenBullet to target inexperienced cybercriminals. The goal of the campaign is to deliver a remote access trojan (RAT) that can steal sensitive data. Kasada, a company specializing in bot mitigation and cybersecurity, describes the campaign as an advanced threat aimed at luring novice hackers, built on a strategy that relies on the "exploitation of trusted criminal networks."

OpenBullet, an open-source penetration testing tool originally intended for web security testing, is now widely used in automated credential stuffing attacks. A malicious OpenBullet configuration was distributed within the criminal community, and running it triggered the installation of a Remote Access Trojan (RAT) on the victim's computer. The campaign exploited the trust that novice hackers place in one another within that community.

The campaign uses Telegram channels and GitHub repositories to steer would-be attackers towards the malicious configurations. The RAT, which uses Telegram as its command-and-control channel, carries out a series of malicious actions including the theft of cryptocurrency and password information. It also harvests data from web browsers, accesses cryptocurrency wallets, and monitors the clipboard to capture sensitive data. The two Bitcoin addresses involved in this campaign have received a total of $1,703.15 in the past two months, showing that the campaign has succeeded in stealing cryptocurrency from unsuspecting victims.
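Because the RAT uses Telegram as its command-and-control channel, one practical detection point is outbound traffic to the Telegram Bot API from endpoint processes that have no business using it. The following is an added example written for this article and is not code from Kasada or from the OpenBullet project; it assumes a constructed, whitespace-separated proxy/endpoint log format (timestamp, host, process, destination host, URL path) and an allowlist of approved bot processes that you would tune for your own environment. The Bot API detail it relies on is real: every bot call goes to api.telegram.org with the bot token embedded in the path as /bot<token>/<method>.

```python
"""Flag Telegram Bot API command-and-control traffic in endpoint/proxy logs.

Added example (not from the article or Kasada's research). The log format,
host and process names, and bot tokens below are all constructed.
"""
import re
from dataclasses import dataclass

# Telegram Bot API calls look like https://api.telegram.org/bot<token>/<method>.
# A token is "<numeric bot id>:<secret>"; the secret is a long URL-safe string.
TELEGRAM_BOT_PATH = re.compile(r"^/bot\d+:[A-Za-z0-9_-]{30,}/(\w+)")

# Processes permitted to use the Bot API (assumption: an approved internal
# alerting bot). Anything else hitting /bot<token>/ is worth a look.
ALLOWED_PROCESSES = {"ops-alert-bot.exe"}

# Methods that typically mean "fetch operator commands" or "exfiltrate data".
C2_METHODS = {"getUpdates", "sendMessage", "sendDocument"}


@dataclass
class Finding:
    timestamp: str
    host: str
    process: str
    method: str
    exfil: bool  # True when the method pushes data out (send*)


def parse_line(line: str):
    """Parse one constructed log line into a dict, or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    return dict(zip(("ts", "host", "process", "dst", "path"), parts))


def detect_telegram_c2(lines):
    """Return a Finding for every Bot API call made by a non-allowlisted process."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dst"].lower() != "api.telegram.org":
            continue  # not Bot API traffic at all (web.telegram.org etc. is ignored)
        match = TELEGRAM_BOT_PATH.match(rec["path"])
        if not match:
            continue  # api.telegram.org but not a /bot<token>/ call
        if rec["process"].lower() in ALLOWED_PROCESSES:
            continue  # approved bot; suppress
        method = match.group(1)
        findings.append(
            Finding(
                timestamp=rec["ts"],
                host=rec["host"],
                process=rec["process"],
                method=method,
                exfil=method.startswith("send"),
            )
        )
    return findings


# Constructed sample telemetry; the token is a fake placeholder.
FAKE_TOKEN = "123456789:AAEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE"
SAMPLE_LOG = [
    f"2000-01-01T10:00:00Z ws-17 updater.exe api.telegram.org /bot{FAKE_TOKEN}/getUpdates",
    "2000-01-01T10:00:05Z ws-17 chrome.exe web.telegram.org /k/",
    "2000-01-01T10:00:09Z ws-17 chrome.exe api.telegram.org /robots.txt",
    f"2000-01-01T10:01:00Z ws-17 updater.exe api.telegram.org /bot{FAKE_TOKEN}/sendDocument",
    f"2000-01-01T10:02:00Z ws-21 ops-alert-bot.exe api.telegram.org /bot{FAKE_TOKEN}/sendMessage",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for f in detect_telegram_c2(SAMPLE_LOG):
        tag = "EXFIL" if f.exfil else "C2-POLL"
        print(f"[{tag}] {f.timestamp} {f.host} {f.process} -> {f.method}")
```

The script only reports the two calls made by the unexpected `updater.exe` process: the `getUpdates` poll (the RAT fetching operator commands) and the `sendDocument` upload (data leaving the host). Browser traffic to the ordinary Telegram web client and the approved internal bot are suppressed, which keeps the rule useful in environments where Telegram itself is allowed.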