Cyber Attacks Using BlackWorm RAT-Syrian Hackers

One the notorious Syrian Electronic Army (SEA) in collaboration with a hacker group has mounted with new ideas of cyber attacks using BlackWorm remote access Trojan(RAT).

Kyle Wilhoit and Thoufique Haq, researcher team from FireEye have reportedly”the duo has clearly notified the group identified as The Syrian Malware Team (SMT). Apparently, this group has attached a number of targets using an updated and more developed version of this cyber-attack tool“.

The groups’ activities prompted and motivated them to find them and have a closer look, they also have discovered that the group is using a.NET- based RAT called BlackWorm to infiltrate their targets.

The post by the researchers :

“The Syrian Electronic Army has made news for its recent attacks on major communications websites, Forbes, and an alleged attack on Centcom. While these attacks garnered public attention, the activities of another group – The Syrian Malware Team – have gone largely.”

Now all will be wondering what is a BlackWorm, the answer lies here

BlackWorm is a widely used public attach tool. This tool has received various technical upgrades in past few years. The RAT builder is already available in majority of cyber black markets.This has also created many attacking tools as well, says suspects.

A variation of Bifrose malware has reportedly been found by the researcher team of Trend Micro. This malware influences the Tor network for hiding its communications that were caught for targeting an anonymous device producer on 29 August

According to the FireEye researcher team

“BlackWorm v2.1 has the same abilities as the original version and additional functionality, including bypassing User Account Control (UAC), disabling host firewalls and spreading over network shares. Unlike its predecessor, it also allows for granular control of the features available within the RAT. These additional controls allow the RAT user to enable and disable features as needed”.

Related posts

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA

Kia Dealer Portal Vulnerability Risked Millions of Cars