CrossRAT Malware  - CrossRAT Malware  - APT CrossRAT Malware Targeting Individuals & Steal sensitive Data

A multi-platform discovered with sophisticated surveillance operation that Windows, OSX, and computer globally both and organizations.

It performed by Large-scale Dark Caracal cyber-espionage campaign and conducting advanced spying operation globally.

There are thousand of Victims has been infected and hundreds of gigabytes of have been stolen from more than 21 countries victims including North America, Europe, the Middle East, and Asia.

CrossRAT also considering as a “newly discovered desktop surveillanceware tool.” that has an ability to target Windows, Linux, and OSX and it performs some malicious operations such as manipulate the file system, take screenshots.

Dark Caracal cyber-espionage targeting governments, militaries, utilities, financial institutions, manufacturing companies, and defense contractors.

CrossRAT used by Dark Caracal and exfiltrated data include , call records, audio recordings, secure messaging client content, contact information, messages, photos, and account data.

How does CrossRAT Malware Works

CrossRAT persistence helps to undetectable by malware scanners and it considered as an advanced emerging malware family.

Initially, CrossRAT spreading via Social media links, Phishing emails with an attached jar file that contains a trojanized file.

Since CrossRAT Written in Java, it requires Java to be installed on the target machine. but most recent Mac OS not shipping with Java.

its persistence mechanism bypassed the many antivirus software and it won’t help to detect and remove it from the victim’s machine if the user installed any of this anti-virus software.

- detection - APT CrossRAT Malware Targeting Individuals & Steal sensitive Data

CrossRAT Malware contains .jar file and later it was unzipped and find that it has Java-based package structured Java Bytecode.

- package - APT CrossRAT Malware Targeting Individuals & Steal sensitive Data

The file contains 3 Packages. a, b, Crossrat, org and first package (A), appears to be responsible for determining the OS version of any system it is running on.

Java can support allow the Platform  CrossRAT can be deployed on Windows, Linux, SunOS, and OS X.

Accorinding to Researchers, n an infected system, in order to ensure that the OS automatically (re)executes the malware whenever the system is rebooted, the malware must persist itself. This (generally) requires OS-specific code. That is to say, there are Windows-specific methods of persistence, Mac-specific method, Linux-specific methods, etc…

Once the CrossRAT malware completely infected the victim’s machine, it allows a remote attacker to completely take over the entire computer and it modifying the file system.

Its created for global keyboard and mouse listeners for Java to capture the keyboard activities.

Also, this malware using  java.awt.Robot().createScreenCapture function to capture the victim’s screen and saves it as a disk. later it communicates with its Command & Control server and exfiltrates the data.

Also, an attacker can able to create, delete, modifying the file remotely also execute the arbitrary code on the victim’s machine also, you can read the complete technical analysis here

Source link


Please enter your comment!
Please enter your name here