WrnRAT is a new malware that cybercriminals deploy by disguising it as popular gambling games like Badugi, Go-Stop, and Hold’em.
WrnRAT Malware
Attackers set up a fake gambling website that prompts users to download a game launcher.
Instead of starting a game, this launcher installs the WrnRAT malware.
Once installed, WrnRAT gives attackers remote control of the system, allowing them to steal information and carry out other harmful actions.
The malware is likely installed through a batch script containing Korean-language comments and spreads via platforms like HFS, which delivers a dropper for additional malware focused on data theft.
This .NET-based dropper, disguised as an installer, launches a fake "iexplorer.exe" placed in the Internet Explorer directory, which in turn deploys the WrnRAT trojan.
Once the trojan is running and executing its malicious functions, the launcher deletes itself to avoid detection, leaving WrnRAT as the sole hidden threat on the system.
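The fake "iexplorer.exe" described above relies on a name that is one character away from the legitimate Internet Explorer binary (iexplore.exe). The following added detection script is not part of the article or of any ASEC tooling; it checks a constructed process snapshot for lookalike names and for known binary names running from an unexpected directory. The allow-list of binaries and directories is an assumption for the example and should be replaced with your own baseline.

```python
"""Flag processes that masquerade as well-known Windows binaries.

Two checks are applied to each (process name, image path) pair:
  1. a known name running from a directory other than its expected one
     (e.g. svchost.exe in a user's Temp folder);
  2. an unknown name within a small edit distance of a known name
     (e.g. "iexplorer.exe" vs "iexplore.exe").
The allow-list and the snapshot below are constructed for this example.
"""
from dataclasses import dataclass

# Legitimate binary name -> directory it normally runs from (assumption for the example)
KNOWN_BINARIES = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Finding:
    name: str
    path: str
    reason: str


def check_process(name: str, path: str):
    """Return a Finding for a suspicious process, or None if it looks normal."""
    name_l = name.lower()
    path_l = path.lower().replace("/", "\\")
    directory = path_l.rsplit("\\", 1)[0]
    if name_l in KNOWN_BINARIES:
        expected = KNOWN_BINARIES[name_l]
        if directory != expected:
            return Finding(name, path, f"known name running from unexpected directory (expected {expected})")
        return None
    # Unknown name: look for a near-match of a well-known binary
    for legit in KNOWN_BINARIES:
        if edit_distance(name_l, legit) <= 2:
            return Finding(name, path, f"lookalike of {legit}")
    return None


def scan(snapshot):
    """Run check_process over a list of (name, path) pairs and keep the findings."""
    return [f for f in (check_process(n, p) for n, p in snapshot) if f is not None]


# Constructed snapshot: two benign entries, one lookalike, one misplaced binary
SAMPLE_SNAPSHOT = [
    ("explorer.exe", r"C:\Windows\explorer.exe"),
    ("iexplore.exe", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ("iexplorer.exe", r"C:\Program Files\Internet Explorer\iexplorer.exe"),
    ("svchost.exe", r"C:\Users\user\AppData\Local\Temp\svchost.exe"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_SNAPSHOT):
        print(f"{finding.name} ({finding.path}): {finding.reason}")
```

On a live host the snapshot would come from the process list (for example `tasklist /v` or an EDR export); the edit-distance threshold of 2 is deliberately tight so that ordinary third-party binaries do not trip the lookalike rule.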
WrnRAT, written in Python and disguised as an executable, primarily acts as a screen capture tool. It continuously takes screenshots and sends them to a remote server controlled by attackers. Additionally, WrnRAT gathers essential system details, such as OS information and hardware specs, allowing attackers to learn more about the infected device.
The malware can also end specific processes, potentially disabling security software or other defenses. These capabilities give attackers persistent access to the system, enabling further data theft and manipulation without the user’s knowledge.
The attacker deploys extra malware to alter firewall settings, making the attack harder to detect and counter.
This remote access Trojan (RAT) can execute various malicious commands and collect system details like IP address, MAC address, client ID, and gateway.
The malware can adjust its screen capture settings, such as enabling or disabling monitoring and changing the capture delay and image quality, and it can terminate specific processes on infected systems.
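The behaviour described in the last few paragraphs (repeated screenshot uploads to a remote server and termination of security processes) leaves a recognisable footprint in host telemetry. The script below is an added example written for this article, not code from ASEC or from the malware; it runs two simple rules over a constructed event stream whose field names (`t`, `type`, `proc`, `dst`, `ctype`, `size`, `target`) are assumptions rather than any real sensor's schema, and the list of security product process names is likewise an assumption to be adapted to your environment.

```python
"""Detect WrnRAT-like behaviour in host telemetry.

Rule 1: a process that repeatedly sends image payloads to the same
        destination at a regular interval (screenshot exfiltration).
Rule 2: a process that terminates a known security product.
The event list and field names are constructed for this example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Security product process names (assumption; extend for your environment)
SECURITY_PROCESSES = {"v3lite.exe", "msmpeng.exe"}

# Constructed telemetry: t is seconds since start of the window
SAMPLE_EVENTS = [
    {"t": 0,  "type": "net", "proc": "iexplorer.exe", "dst": "203.0.113.10:8080", "ctype": "image/png", "size": 151000},
    {"t": 10, "type": "net", "proc": "iexplorer.exe", "dst": "203.0.113.10:8080", "ctype": "image/png", "size": 149800},
    {"t": 20, "type": "net", "proc": "iexplorer.exe", "dst": "203.0.113.10:8080", "ctype": "image/png", "size": 152300},
    {"t": 30, "type": "net", "proc": "iexplorer.exe", "dst": "203.0.113.10:8080", "ctype": "image/png", "size": 150100},
    {"t": 41, "type": "net", "proc": "iexplorer.exe", "dst": "203.0.113.10:8080", "ctype": "image/png", "size": 148900},
    # A browser fetching a couple of images: too few events and irregular
    {"t": 15, "type": "net", "proc": "chrome.exe", "dst": "198.51.100.5:443", "ctype": "image/png", "size": 2000},
    {"t": 33, "type": "net", "proc": "chrome.exe", "dst": "198.51.100.5:443", "ctype": "image/jpeg", "size": 5400},
    # Process terminations
    {"t": 25, "type": "proc_kill", "proc": "iexplorer.exe", "target": "V3Lite.exe"},
    {"t": 26, "type": "proc_kill", "proc": "taskmgr.exe", "target": "notepad.exe"},
]


def periodic_image_uploads(events, min_events=4, max_jitter=0.25):
    """Flag (process, destination) flows with >= min_events image uploads
    whose inter-event gaps vary by no more than max_jitter of the mean gap."""
    by_flow = defaultdict(list)
    for e in events:
        if e["type"] == "net" and e["ctype"].startswith("image/"):
            by_flow[(e["proc"], e["dst"])].append(e["t"])
    findings = []
    for (proc, dst), times in by_flow.items():
        times.sort()
        if len(times) < min_events:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"rule": "periodic-screenshot-upload", "proc": proc, "dst": dst, "interval": avg})
    return findings


def security_process_kills(events):
    """Flag any process that terminates a process in SECURITY_PROCESSES."""
    return [
        {"rule": "security-tool-terminated", "proc": e["proc"], "target": e["target"]}
        for e in events
        if e["type"] == "proc_kill" and e["target"].lower() in SECURITY_PROCESSES
    ]


def analyse(events):
    """Combine both rules into one list of findings."""
    return periodic_image_uploads(events) + security_process_kills(events)


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(finding)
```

The jitter threshold is what separates a screenshot loop (near-constant delay, as the capture-delay setting implies) from ordinary browsing, which produces image transfers at irregular times; lowering `min_events` increases sensitivity at the cost of more false positives from legitimate periodic uploads.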
Recent attacks have targeted gambling game enthusiasts, particularly players of 2-player Go-Stop, Hold’em, and Badugi, according to ASEC.
Attackers are spreading malware disguised as these games to steal sensitive information, including gameplay screenshots, allowing them to monitor user activity and potentially cause financial loss.
To reduce risk, users should be cautious when downloading game installers, avoid suspicious sources, and keep antivirus software, like V3, updated for stronger protection.