Hackers use Remote Access Trojans (RATs) to gain unauthorized access to a victim's computer and control it remotely.
These tools let attackers carry out activities like the following without the user's knowledge:-
Execute commands
Steal sensitive information
Unauthorized access
Unauthorized manipulation
Recently, cybersecurity researchers at Cyfirma discovered Silver RAT, which evades anti-virus software to hack Windows machines.
Silver RAT, which is written in C#, has the following capabilities:-
Bypass anti-viruses
Covertly launch hidden applications
Covertly launch browsers
Covertly launch keyloggers
Silver RAT Evades Anti-viruses
The developers are active on hacker forums and social media, especially Telegram, where they offer services like:-
Cracked RATs
Leaked databases
Carding
Social media bot sales
Silver RAT v1.0, first seen in November 2023, is Windows-based and has destructive features, but a new version is planned for the following two platforms:-
Windows
Android
Besides this, 'noradlb1' is a known developer with a respected reputation on forums. The cracked version surfaced in October 2023 on Telegram and GitHub.
Silver RAT’s builder allows threat actors to customize payloads up to 50kb. Once connected, the victim’s logs appear on the attacker’s panel.
The final payload is a Windows executable file delivered through social engineering.
Apart from this, the sale announcement first appeared on several hacking forums, including the following:-
TurkHackTeam
1877
A successful connection grants the attacker control over the target system. Through the ‘Manager’ option, they can do the following things:-
Handle applications
Navigate the file manager
Modify registry keys
Check startup items
Monitor system performance
Threat actors can also leverage the following features for other malicious activities:-
Hidden Apps
Hidden Browsers
Hidden VNC
Functionalities of Silver RAT
Silver RAT has the following functionalities:-
Command and control via IP address/port or webpage.
Windows Defender exclusion for post-launch stealth.
Configuration to erase all system restore points.
Delayed execution option for the payload.
Hidden process and installation in task manager.
Custom process name to conceal payload in folders.
Antivirus bypass through FUD Crypters.
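Two of the functionalities listed above, the Windows Defender exclusion and the erasure of restore points, leave traces in process command lines. The following Python sketch is an added example, not code from Cyfirma or the original article, that scans process-creation events for both and flags hosts that show the pair. The command-line patterns are generic and are an assumption (the article does not say how Silver RAT performs these actions), and the event fields and sample events are constructed.

```python
import base64
import re
from collections import defaultdict

# Generic command-line patterns for two behaviours in the feature list above.
# Assumption: the article does not say how Silver RAT performs them.
RULES = {
    "defender_exclusion": re.compile(
        r"\b(?:Add|Set)-MpPreference\b.*-Exclusion(?:Path|Process|Extension)", re.I),
    "restore_point_deletion": re.compile(
        r"\bvssadmin(?:\.exe)?\s+delete\s+shadows|\bshadowcopy\s+delete", re.I),
}
ENCODED = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)

def expand(cmdline):
    """Return the command line plus any decoded PowerShell -EncodedCommand body."""
    texts = [cmdline]
    for blob in ENCODED.findall(cmdline):
        try:
            texts.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except ValueError:
            pass  # not valid base64 / UTF-16LE: keep only the raw command line
    return texts

def scan(events):
    """Map host -> sorted rule names matched by that host's process events."""
    hits = defaultdict(set)
    for ev in events:
        for text in expand(ev["cmdline"]):
            for name, rx in RULES.items():
                if rx.search(text):
                    hits[ev["host"]].add(name)
    return {host: sorted(names) for host, names in hits.items()}

def high_priority(events):
    """Hosts that show both behaviours, which deserve triage first."""
    return sorted(h for h, names in scan(events).items() if len(names) == len(RULES))

# Constructed sample events (not taken from a Silver RAT sample).
_ENC = base64.b64encode(
    "Add-MpPreference -ExclusionPath C:\\Users\\Public".encode("utf-16-le")).decode()
SAMPLE = [
    {"host": "ws01", "cmdline": "powershell.exe -NoP -enc " + _ENC},
    {"host": "ws01", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws02", "cmdline": "powershell.exe Get-MpPreference"},
    {"host": "ws03", "cmdline": "vssadmin list shadows"},
]

if __name__ == "__main__":
    print(scan(SAMPLE), high_priority(SAMPLE))
```

Either behaviour also occurs in legitimate administration, so a single match is a lead to investigate rather than a verdict; the pairing on one host is the stronger signal.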
Researchers discovered two Telegram channels used by the Silver RAT devs, which show high engagement. CYFIRMA also found that they use a known crypto wallet with diverse addresses (Bitcoin, Ethereum, USDT):-
Bitcoin wallet is empty
Ethereum shows 8 transactions totaling 2,275.67 USD (Dec 24-25, 2023)
Researchers traced PayPal purchases and obtained the threat actors' Gmail. Further investigation linked a hacktivist Facebook account supporting the "Syrian Revolution" to a Silver RAT developer known for FPS game hacks.
Recommendations
The cybersecurity analysts offered the following recommendations:-
Security Awareness Training
Regular Updates
Data Encryption
Incident Response Plan
User Support
Regular Backups
App Review
Network Security
Behavioral Analysis
Endpoint Detection and Response (EDR)
Firewall Configuration
IOCs (Source – Cyfirma)
The post Silver RAT Evades Anti-viruses to Hack Windows Machines appeared first on Cyber Security News.
