Thursday, November 26, 17:59

New RAT malware receives commands via Discord!

The new "Abaddon" remote access trojan may be the first to use Discord as a complete command and control server that instructs the malware on what to do on an infected computer. Worse, a ransomware feature is being developed for it.

This is not the first time attackers have used Discord for malicious activity.

In the past, we have reported how threat actors use Discord as a drop point for stolen data, or have created malware that modifies the Discord client to steal credentials and other information.


RAT uses Discord as a complete C2 server

A new "Abaddon" remote access trojan (RAT) discovered by MalwareHunterTeam could be the first malware to use Discord as a complete command and control server.

A command and control server (C2) is a remote host from which the malware receives commands to run on an infected computer.

When it launches, Abaddon automatically steals the following data from the infected computer:

  • Steam credentials and the list of installed games
  • Discord tokens and MFA information
  • File lists
  • System information, such as country, IP address and hardware details

Abaddon then connects to the Discord-based command and control server to check whether new commands are waiting for it, as shown in the figure below.


These commands will tell the malware to perform one of the following tasks:

  • Steal a file or entire directories from the computer
  • Get a list of drives
  • Open a reverse shell, which allows the attacker to execute commands on the infected computer
  • Launch the ransomware component that is still under development
  • Send back any collected information and delete the existing data collection

The malware polls the C2 every ten seconds for new tasks to run.

Using a Discord server as C2, the threat actor can continuously monitor the collection of infected computers for new data and execute further commands or malicious programs on them.
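To show what the ten-second polling described above looks like from the defender's side, here is an added example (not code from the article, and not the malware's own code): a Python script that parses constructed proxy-style log lines, groups requests to Discord API hosts by source host, and flags any host whose request intervals are tightly clustered around a fixed period. The log format, host names, sample URLs and thresholds are all assumptions made for this example.

```python
"""Beacon-cadence detector for Discord-based C2 polling.

Added example for this article; not code from the article or from the malware
it describes. Input is a constructed proxy-style log in a hypothetical format:
    <ISO-8601 timestamp> <source host> <HTTP method> <URL> <status>
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Domains a Discord-based C2 channel would have to reach (assumption for the example).
DISCORD_HOSTS = ("discord.com", "discordapp.com")

# Constructed sample: ws-042 polls one channel's messages about every 10 s (with
# one second of jitter on two requests); ws-017 is an ordinary user browsing Discord.
SAMPLE_LOG = """\
2020-11-26T17:00:00 ws-042 GET https://discord.com/api/v8/channels/1/messages 200
2020-11-26T17:00:10 ws-042 GET https://discord.com/api/v8/channels/1/messages 200
2020-11-26T17:00:20 ws-042 GET https://discord.com/api/v8/channels/1/messages 200
2020-11-26T17:00:31 ws-042 GET https://discord.com/api/v8/channels/1/messages 200
2020-11-26T17:00:40 ws-042 GET https://discord.com/api/v8/channels/1/messages 200
2020-11-26T17:00:50 ws-042 GET https://discord.com/api/v8/channels/1/messages 200
2020-11-26T17:01:00 ws-042 GET https://discord.com/api/v8/channels/1/messages 200
2020-11-26T17:00:03 ws-017 GET https://discord.com/app 200
2020-11-26T17:00:05 ws-017 GET https://example.com/ 200
2020-11-26T17:00:41 ws-017 GET https://discord.com/api/v8/users/@me 200
2020-11-26T17:00:44 ws-017 GET https://cdn.discordapp.com/avatars/x.png 200
2020-11-26T17:02:20 ws-017 GET https://discord.com/api/v8/channels/2/messages 200
2020-11-26T17:03:05 ws-017 GET https://discord.com/api/v8/channels/2/messages 200
2020-11-26T17:07:59 ws-017 GET https://discord.com/api/v8/channels/2/messages 200
"""


def parse_line(line):
    """Return a dict with ts/src/url for a well-formed line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "src": m.group("src"),
        "url": m.group("url"),
    }


def is_discord_url(url):
    """True if the URL's host is a Discord domain or a subdomain of one."""
    host = re.sub(r"^https?://", "", url).split("/")[0].lower()
    return any(host == d or host.endswith("." + d) for d in DISCORD_HOSTS)


def find_beacons(lines, min_requests=6, max_jitter=0.2):
    """Map source host -> (mean interval in seconds, request count) for hosts
    whose Discord requests arrive on a regular cadence.

    Regularity is the coefficient of variation of the gaps between consecutive
    requests (population stdev / mean): human browsing produces widely
    scattered gaps, a polling loop produces nearly constant ones.
    """
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_discord_url(rec["url"]):
            by_src[rec["src"]].append(rec["ts"])

    hits = {}
    for src, stamps in by_src.items():
        if len(stamps) < max(min_requests, 2):  # need at least one gap
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            hits[src] = (round(mean, 1), len(stamps))
    return hits


if __name__ == "__main__":
    for src, (period, count) in find_beacons(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {count} Discord requests, mean interval {period}s")
```

On the sample above only ws-042 is reported. A fixed cadence against the Discord API is a weak signal on its own, so in practice the hit should be corroborated on the endpoint: which process issued the requests, whether the Discord client is even installed on that host, and which channel the process keeps reading.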

Development of a basic ransomware

One of the tasks the malware can perform is to encrypt the computer's files with ransomware and decrypt them once the ransom has been paid.

This feature is still under development: the ransom note template contains placeholder text, showing that the developer is still working on it.


With ransomware being extremely lucrative, it would not be a surprise to see this feature completed in the future.

Teo Ehc (https://www.secnews.gr)
