Hackers are getting hacked via trojanized hacking tools
Someone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free, Cybereason researcher Amit Serper has revealed.
“We have found a widespread hacking campaign that uses the njRat trojan to hijack the victim’s machine, giving the threat actors complete access that can be used for anything from conducting DDoS attacks to stealing sensitive data,” he shared.
About the trojanized hacking tools
The researchers’ investigation revealed that this campaign appears to have been going on for several years.
“So far, we have found samples that are either pretending to be various hacking tools or pretending to be installers of the Chrome Internet browser,” they noted.
Among the trojanized hacking tools are exploit scanners, SQL injection tools, account checkers (tools for brute-forcing accounts or testing leaked credential lists in bulk), and so on, as well as cracks and key generators for such tools.
Who’s behind this scheme?
The individual or group behind this scheme is offering the trojanized tools on various hacking forums and websites, and hosting them on hacked WordPress sites.
The identity of the threat actor is unknown, but there is a reasonable likelihood that they are located in Vietnam: not only was one of the C&C/download domains the njRat samples contact (capeturk.com) registered by a Vietnamese individual, but someone in Vietnam has been repeatedly testing the malicious samples by submitting them to VirusTotal.
“After examining different samples submitted to different subdomains of capeturk.com, it appears that each subdomain is targeting different software and therefore a different set of victims. While all of the samples associated with blog.capeturk.com are targeting various penetration testing and hacking tools, other subdomains are targeting Chrome installers, native Windows applications, and other random programs that have nothing to do with hacking or penetration testing,” the researchers added.
So, it seems that the threat actor isn’t exclusively targeting other hackers, but anyone they can.
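The only network indicator the report gives is the capeturk.com domain and its per-lure subdomains (blog.capeturk.com for the hacking-tool samples). The script below is an added example, not Cybereason's code, showing how a defender would sweep DNS query logs for that domain and group hits by subdomain, since each subdomain maps to a different set of trojanized software. The log format and all hosts, IPs and timestamps in the sample are constructed for the example, and the match is anchored on a label boundary so look-alikes such as notcapeturk.com or capeturk.com.example are not flagged.

```python
"""Flag DNS queries for capeturk.com and its subdomains in a query log.

Added example, not code from the article or from Cybereason. The log line
format is an assumption; the domain comes from the article.
"""
import re
from collections import defaultdict

# Indicator taken from the article; only the apex and its subdomains match.
WATCHED_DOMAINS = ("capeturk.com",)

# Assumed log format (constructed for this example):
#   <ISO timestamp> <client-ip> query <qtype> <qname>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$"
)


def normalize(qname: str) -> str:
    """Lower-case and strip the trailing dot so 'Blog.CAPETURK.com.' matches."""
    return qname.rstrip(".").lower()


def matches_watched(qname: str) -> bool:
    """True if qname is a watched domain or a subdomain of one.

    The comparison is anchored on a label boundary, so 'notcapeturk.com'
    and 'capeturk.com.example' do not match.
    """
    name = normalize(qname)
    for dom in WATCHED_DOMAINS:
        if name == dom or name.endswith("." + dom):
            return True
    return False


def find_suspect_queries(lines):
    """Return (timestamp, client, qname) for every query hitting a watched domain."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        if matches_watched(m["qname"]):
            hits.append((m["ts"], m["client"], normalize(m["qname"])))
    return hits


def clients_by_subdomain(hits):
    """Group hit clients by the exact host queried, e.g. blog.capeturk.com.

    Because each subdomain targeted different software, the host tells you
    which lure a client most likely ran.
    """
    groups = defaultdict(set)
    for _ts, client, qname in hits:
        groups[qname].add(client)
    return {host: sorted(clients) for host, clients in groups.items()}


# Constructed sample log; timestamps, hosts and IPs are illustrative only.
SAMPLE_LOG = """
2020-03-10T09:14:02Z 10.0.0.5 query A blog.capeturk.com
2020-03-10T09:14:03Z 10.0.0.5 query A www.google.com
2020-03-10T09:15:41Z 10.0.0.9 query A notcapeturk.com
2020-03-10T09:16:10Z 10.0.0.7 query A Blog.CAPETURK.com.
2020-03-10T09:17:55Z 10.0.0.7 query A capeturk.com.example
2020-03-10T09:18:30Z 10.0.0.12 query A capeturk.com
malformed line that should be ignored
""".strip().splitlines()


if __name__ == "__main__":
    found = find_suspect_queries(SAMPLE_LOG)
    for ts, client, qname in found:
        print(f"{ts} {client} -> {qname}")
    for host, clients in clients_by_subdomain(found).items():
        print(f"{host}: {', '.join(clients)}")
```

Treat a hit as a lead to pull the client for triage rather than as proof of infection: domain ownership changes over time, and a single resolution can come from a researcher or sandbox rather than an njRat beacon.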