Xeno RAT, a “highly detailed” remote access trojan (RAT), is now available on GitHub, where other actors can access it at no additional expense.
According to its developer, who goes by the moniker moom825, the open-source RAT comes with a “complete set of features for remote program management.” It is written in C# and is compatible with Windows 10 and Windows 11.
The package includes a SOCKS5 reverse proxy and real-time audio recording. It also includes a hidden virtual network computing (hVNC) module comparable to DarkVNC, which allows attackers to remotely access an infected machine.
In the project description, the developer asserts that “Xeno RAT is developed entirely from scratch, guaranteeing a unique and personalized approach to distant access tools.” Another key element is that it comes with a builder that can produce customized versions of the malware.
Threat actors have distributed a malicious Node package named node-hide-console-windows, which includes another C#-based RAT dubbed DiscordRAT 2.0; ReversingLabs discovered it in October 2023.
Last week, cybersecurity firm Cyfirma published a report saying it had observed Xeno RAT being distributed through the Discord content delivery network (CDN). This further underscores the increase in RAT campaigns driven by the proliferation of affordable and easily accessible malware.
According to the company, the primary vector is a shortcut file, disguised as a WhatsApp screenshot, that acts as a downloader. The downloader retrieves the ZIP files from the Discord CDN and runs the second-stage payload.
The multi-stage process employs a technique called DLL side-loading to launch a malicious DLL, while simultaneously taking steps to establish persistence and evade detection and analysis.
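A defender-side check for the delivery step described above, as an added example that is not taken from Cyfirma's report or from the original article: it flags archive downloads from Discord CDN hostnames made by any process other than an expected client. The event fields, the allow-list of clients, and the sample events are constructed assumptions.

```python
import posixpath
from urllib.parse import urlsplit

# Hostnames that serve Discord attachments (the "Discord CDN" in the report).
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Assumption: processes expected to fetch attachments in this environment.
EXPECTED_CLIENTS = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# The report names a ZIP; the other archive types generalize the same check.
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".iso"}


def image_name(path):
    """Lower-case file name of a Windows process image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def suspicious_cdn_fetches(events):
    """Return events where an unexpected process pulls an archive from Discord's CDN."""
    hits = []
    for ev in events:
        url = urlsplit(ev["url"])
        host = (url.hostname or "").lower()
        # Use the URL path only, so a query string cannot hide the extension.
        ext = posixpath.splitext(url.path)[1].lower()
        # Exact host match: a look-alike such as cdn.discordapp.com.example.net
        # is not Discord's CDN and is out of scope for this rule.
        if host not in DISCORD_CDN_HOSTS or ext not in ARCHIVE_EXTS:
            continue
        if image_name(ev["image"]) in EXPECTED_CLIENTS:
            continue
        hits.append(ev)
    return hits


# Constructed sample events (process image path + requested URL).
SAMPLE_EVENTS = [
    {"image": r"C:\Users\a\AppData\Local\Discord\app-1.0\Discord.exe",
     "url": "https://cdn.discordapp.com/attachments/111/222/photos.zip"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "url": "https://cdn.discordapp.com/attachments/111/333/archive.zip?ex=abc"},
    {"image": r"C:\Windows\System32\curl.exe",
     "url": "https://cdn.discordapp.com/attachments/111/444/image.png"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "url": "https://cdn.discordapp.com.example.net/a.zip"},
]

if __name__ == "__main__":
    for hit in suspicious_cdn_fetches(SAMPLE_EVENTS):
        print("ALERT", image_name(hit["image"]), hit["url"])
```

Matching on the image file name alone can be defeated by renaming a binary, so in practice the allow-list should key on full path or signer where the telemetry provides it.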
This development comes after the AhnLab Security Intelligence Center (ASEC) discovered the use of a Gh0st RAT variant called Nood RAT in attacks against Linux systems, where it allows attackers to obtain sensitive information.
Nood RAT is a covert piece of malware that, according to ASEC, can download malicious files, steal internal system files, and execute commands from the C&C server.
According to ASEC, its encryption feature evades network packet detection, and threat actors can use the malware to carry out numerous malicious operations.