Latest news with #AsyncRAT

ESET Research uncovers variants of AsyncRAT, popular choice of cybercriminals - Middle East Business News and Information

Mid East Info, 4 days ago

ESET Research is releasing its analysis of AsyncRAT — a remote access tool (RAT) designed to remotely monitor and control other devices. Over the years, AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of variants and forks (customized and improved versions of the original tool). The published analysis provides an overview of the most relevant forks of AsyncRAT, drawing connections between them and showing how they have evolved.

AsyncRAT, an open-source RAT, was released on GitHub in 2019 by a user going by the name of NYAN CAT. It offers a wide range of typical RAT functionalities, including keylogging, screen capturing, credential theft, and more. Its simplicity and open-source nature have made it a popular choice among cybercriminals, leading to its widespread use in various cyberattacks.

'AsyncRAT introduced significant improvements, particularly in its modular architecture and enhanced stealth features, making it more adaptable and harder to detect in modern threat environments. Its plug-in-based architecture and ease of modification have sparked the proliferation of many forks, pushing the boundaries even further,' says ESET researcher Nikola Knežević, author of the study.

Ever since it was released to the public, AsyncRAT has spawned a multitude of new forks that have built upon its foundation. Some of these new versions have expanded on the original framework, incorporating additional features and enhancements, while others are essentially the same version in different clothes. The most popular variants among attackers, according to ESET telemetry, are DcRat, VenomRAT, and SilverRAT. DcRat offers a notable improvement over AsyncRAT in terms of features and capabilities, while VenomRAT is packed with further additional features. However, not all RATs are serious in nature, and this applies equally to AsyncRAT forks. Clones like SantaRAT or BoratRAT are meant to be jokes. Despite this, ESET has found instances of real-world malicious usage of these in the wild.

In its analysis, ESET Research has also cherry-picked some lesser-known forks, as they extend AsyncRAT's functionality beyond the features included in the default versions. These exotic forks are often the work of one person or group, and they make up less than 1% of the volume of AsyncRAT samples.

'The widespread availability of frameworks such as AsyncRAT significantly lowers the barrier to entry for aspiring cybercriminals, enabling even novices to deploy sophisticated malware with minimal effort. This development further accelerates the creation and customization of malicious tools. This evolution underscores the importance of proactive detection strategies and deeper behavioral analyses to effectively address emerging threats,' concludes Knežević.

For a more detailed analysis and technical breakdown of the various AsyncRAT variants and forks, check out the latest ESET Research blogpost, 'Unmasking AsyncRAT: Navigating the labyrinth of forks.' Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

About ESET

ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown — securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit our website or follow our social media, podcasts and blogs.

ESET Identifies Variants of AsyncRAT, Favourite With Cybercriminals

Channel Post MEA, 22-07-2025


Hackers are using fake Booking.com sites to infect summer travelers with dangerous malware — how to stay safe

Tom's Guide, 02-06-2025

Summer is here, and if you haven't booked your holiday travel plans yet, you're going to want to be extra careful when doing so. The reason: hackers are now using popular booking sites to infect unsuspecting travelers with dangerous password-stealing malware. According to the cybersecurity firm Malwarebytes, a new campaign has been spotted online that uses malicious links on social media and gaming sites to trick people into visiting fake sites impersonating the popular online booking service Booking.com. Given that almost half (40%) of people book their travel through general web searches, there are plenty of opportunities for hackers to lead them astray in an attempt to steal their hard-earned cash and sensitive data. Here's everything you need to know about this new campaign, along with some tips to help you stay safe from hackers while booking your summer getaway.

In a new blog post, Malwarebytes' researchers explain that this campaign was first spotted online at the end of last month. When a user clicks on one of the malicious links impersonating Booking.com, they're taken to a verification page where fake CAPTCHAs are used to trick them into copying code to their clipboard. This happens when they click the checkbox next to the text 'I'm not a robot' on one of these fake CAPTCHA pages. Given that CAPTCHAs are used so frequently online these days, most people wouldn't think twice before clicking one. However, these fake verification prompts are similar to those seen in recent ClickFix attacks. For those unfamiliar, these attacks are designed to trick you into infecting your own computer with malware, but fortunately, they're easy to spot.

Instead of solving a puzzle or identifying a certain object in a set of pictures, a new verification prompt appears that asks you to do something you never should: open a command prompt and execute the code that was copied to your clipboard. This is a major red flag and an easy indication that you're not actually on Booking.com's official website. Still, unsuspecting travelers trying to lock in a great deal quickly could fall for this tactic. If they do, their computer will be infected with AsyncRAT the instant they run the code that was copied to their clipboard. Since AsyncRAT is a Remote Access Trojan, it is able to spy on your computer, steal all sorts of sensitive personal and financial information, record your keystrokes, upload and download files, access your webcam and more.

Given that hackers and other cybercriminals can easily put links to fake sites on social media and even in search engines through malicious ads, you need to be extremely careful when booking a vacation, or anything else online for that matter. Instead of typing the name of a site like Booking.com into your browser and heading to the first link that comes up, scroll all the way down past the ads to the company's actual site. Better yet, if you know a company's web address, type that into your browser's address bar instead. If you are prompted to verify your identity when visiting a travel site, pay close attention to the form of verification used. Typing out the numbers and letters in a scrambled image or identifying which images in a set show cars are both legitimate verification methods. Pressing Win + R to open a command prompt and run code that was copied to your clipboard without your knowledge definitely isn't.

To stay safe from any malware that might slip through the cracks, make sure that your PC is protected with the best antivirus software or that your Apple computer has the best Mac antivirus software installed. For additional protection, you might also want to consider signing up for one of the best identity theft protection services, as they can help you recover your identity or any funds lost to fraud. Summer is a great time to get out and go somewhere new, but if you rush to get that last-minute booking in, you could be putting yourself and your data at risk. That's why you always want to take some extra precautions when making travel plans, and if a deal or a website seems too good to be true, it probably is.

New Malware Targets MENA Region, Steals Cryptocurrency Data - TECHx Media

TECHx, 05-03-2025

Threat Intelligence specialists at Positive Technologies Expert Security Center (PT ESC) have uncovered a new malware campaign actively targeting individuals in the Middle East and North Africa (MENA) region. Since September 2024, attackers have been using a modified version of AsyncRAT to steal sensitive data, particularly focusing on cryptocurrency wallet information. The campaign is distributed through social media ads, with attackers posing as news outlets to lure victims to malicious file-sharing platforms or Telegram channels. The malware is designed to harvest cryptocurrency wallet data and send it to a Telegram bot operated by the attackers.

PT ESC's investigation revealed approximately 900 potential victims, with most affected individuals being regular users from industries including oil and gas, construction, IT, and agriculture. Victims are primarily located in Libya (49%), Saudi Arabia (17%), Egypt (10%), Turkey (9%), UAE (7%), and Qatar (5%). The group behind the campaign has been named Desert Dexter, a reference to one of the suspected operators. During the investigation, researchers discovered the attackers were using temporary accounts and fake news channels on Facebook to bypass ad filters and spread their malicious posts. Although a similar campaign was documented in 2019, the current operation introduces new techniques to make the malware more effective.

Denis Kuvshinov, Head of Threat Intelligence at Positive Technologies, explained that the attack follows a multi-stage process, beginning with victims being lured to file-sharing services or Telegram channels, where they unknowingly download a RAR archive containing malicious files. These files install AsyncRAT, collect system information, and send the data to a Telegram bot controlled by the attackers. The modified AsyncRAT includes an updated IdSender module, which specifically targets cryptocurrency wallet extensions, two-factor authentication extensions, and software used to manage cryptocurrency wallets.

While the tools used by Desert Dexter are not particularly sophisticated, their use of social media ads and legitimate services has made the campaign effective. The attackers exploit geopolitical tensions in the MENA region, targeting both individual users and high-ranking officials. Researchers have noted that the region remains a prime target for cyberattacks due to ongoing political instability, with phishing campaigns increasingly using political themes to lure victims.

Positive Technologies experts uncover new malware campaign in the Middle East

Zawya, 05-03-2025

Dubai - Threat Intelligence specialists at the Positive Technologies Expert Security Center (PT ESC) have identified and analyzed a new malware campaign targeting individuals in the Middle East and North Africa. Active since September 2024, the campaign uses a modified version of AsyncRAT to target victims. To spread the malware, the attackers posed as news outlets on social media, creating promotional posts with links to file-sharing platforms or Telegram channels. The modified malware is designed to steal cryptocurrency wallet data and communicate with a Telegram bot.

The investigation revealed approximately 900 potential victims, most of whom are everyday users. Among those affected are employees working in industries such as oil and gas, construction, IT, and agriculture. Analysis showed that most victims are located in Libya (49%), Saudi Arabia (17%), Egypt (10%), Turkey (9%), the UAE (7%), Qatar (5%), and other countries. The group behind the campaign was dubbed Desert Dexter, named after one of the suspected authors. During the investigation, researchers found that the attackers rely on temporary accounts and fake news channels on Facebook [1] to bypass the platform's ad filters. A similar attack was documented by Check Point researchers in 2019, but the campaign described here introduces new techniques to the attack chain.

Denis Kuvshinov, Head of Threat Intelligence, Positive Technologies Expert Security Center, said: "This attack follows a multi-stage process. The victim is lured from a promotional post to a file-sharing service or a Telegram channel operated by the attackers, which imitates a media outlet. From there, the victim receives a RAR archive containing malicious files. These files download and execute AsyncRAT, gather necessary system information, and send it to the attackers' Telegram bot. The AsyncRAT version used in this campaign includes a modified IdSender module that collects information about cryptocurrency wallet extensions, two-factor authentication extensions in various browsers, and software used to manage cryptocurrency wallets."

While Desert Dexter's tools are not particularly sophisticated, their use of social media ads, legitimate services, and the geopolitical context of the region has made the campaign effective. The group posts messages about allegedly leaked confidential information, making the attack chain versatile enough to infect the devices of not only regular users but also high-ranking officials. Experts note that ongoing tensions in the Middle East and North Africa have made the region a prime target for cyberattacks aimed at both government institutions and individual users. Political themes remain a common lure in phishing campaigns, with attacks becoming more sophisticated and malware being continuously adapted to meet the needs of different threat actors.

Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 4,000 organizations worldwide use technologies and services developed by our company. Positive Technologies is the first and only cybersecurity company in Russia publicly available on the Moscow Exchange (MOEX: POSI), with 205,000 shareholders and counting. Follow us on X, LinkedIn, and in the News section of our website.

[1] Meta (Facebook) is currently prohibited in Russia.
