A experts’ report describes in detail a tool that was previously unknown to researchers – RAT Ratsnif (the researchers studied its four versions). The earliest version of the malware dates 2016. Apparently, at that time malware was still at the debugging stage. The newest version was created in August 2018.
“The trojans, under active development since 2016, combine capabilities like packet sniffing, gateway/device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing”, — say researchers from Blackberry Cylance.
Experts note that, unlike earlier versions, the most recent version of Ratsnif no longer has the hard-coded addresses of the control servers in the code and delegates all the communications to malware, which is also installed in the victim’s system. In addition, this is the first version in which there is a configuration file, as well as a number of new functions that increase the effectiveness of the malware: HTTP injecting, protocol parsing, and interference with SSL.
At the same time, Blackberry Cylance analysts note that Ratsnif can hardly be called a work of cyber-spy art. The fact is that a large part of the malware code was borrowed from open sources, and the overall quality of the development is evaluated by experts as low: during the analysis, a bug was detected in the malware code related to the violation of memory reading.
“Ratsnif is an intriguing discovery, considering the length of time it remained undetected, likely due to limited deployment. It offers a rare glimpse on two years of feature development, allowing us to observe how threat actors tailor tooling to their nefarious purposes”, — report specialists from Blackberry Cylance.
At the same time, according to researchers, Ratsnif does not meet rather high standards of usual OceanLotus malware.
About Janorfeb.xyz Janorfeb.xyz pop-ups can not open out of nowhere. If you have clicked on…
About Re-captha-version-3-263.buzz Re-captha-version-3-263.buzz pop-ups can not launch out of the blue. If you have actually…
About Usavserver.com Usavserver.com pop-ups can not expose out of the blue. If you have clicked…
About Yourgiardiablog.com Yourgiardiablog.com pop-ups can not expose out of the blue. If you have actually…
About Bihanrit.xyz Bihanrit.xyz pop-ups can not launch out of nowhere. If you have actually clicked…
About Thenetaservices.com Thenetaservices.com pop-ups can not introduce out of the blue. If you have actually…