Threat actors leverage RATs for sustained access to compromised systems, facilitating prolonged espionage and exploitation.
North Korean hackers and other threat actors targeting the gaming community are distributing XenoRAT via a GitHub repository and .gg domains, disguised as Roblox scripting tools, as discovered by Hunt’s research team.
Xeno RAT
The ASEC division of AhnLab has also reported evidence of a North Korea-linked group using Dropbox to distribute XenoRAT, and the malware was found in an open directory controlled by the Kimsuky threat group. This growing threat relies on a variety of deceptive methods to target gamers and developers across platforms.
XenoRAT’s GitHub page showcases advanced features such as HVNC, audio espionage, and a SOCKS5 reverse proxy. Communication between the clients and the controller takes place over TCP sockets and follows a recognizable pattern that can be used to identify malicious activity.
Concerningly, the malware is spread through .gg domains popular in the esports community, putting gamers directly in the firing line. Network IDS rules for detecting this traffic are available on the Emerging Threats (ET) website.
This underscores how threat actors leverage well-known platforms and communities to distribute their tools. The discovery of SynapseX.revamped.V1.2.rar, an untrusted file communicating with .gg sites, led researchers to a GitHub repository disguised as a Roblox scripting engine.
The repository housed multiple malicious executable files, including XenoRAT and Quasar, and the GitHub user had even noted that one of the files was XWorm malware. Further investigation uncovered a YouTube channel named “P-Denny Gaming” associated with the repository, which advised users to disable Windows Defender before installing the software.
The channel’s videos and comments were designed to convince viewers that the malicious files were legitimate tools.
Distributing XenoRAT and other malware through .gg domains and GitHub poses significant risks to gaming communities. These threats exploit gamers’ trust in seemingly useful tools, potentially leading to the theft of personal data, in-game items, and financial information, and the use of open-source platforms for malware distribution amplifies the risk of widespread infection.
Even when downloading from trusted sources, users must exercise caution. Because these social engineering tactics disproportionately affect the gaming community, a secure online gaming environment depends on gamers remaining vigilant and skeptical of unsolicited tools and instructions, such as requests to disable security software.