Malware xRAT claims to be a lewd game

Malware xRAT claims to be a lewd game. Tricked into embedded on a Windows system machine.

Playing pornographic video games or finding pornographic videos to watch is, although morally and in some places, illegal, it must be recognized as human nature as a whole, so that in many countries, even at the risk of finding contraband to watch, it often embraces the risk, but some risks may be more dangerous than recruiters expect, such as in this news.

According to a report by the website Cyber Security News, it has mentioned the detection of a remote access trojan malware distribution campaign called xRAT, also known as QuasarRAT. The campaign focuses on tackling a group of users of the Windows operating system in South Korea by impersonating pornographic video games through social engineering.

In spreading this malware, hackers compress fake game files with malware hidden in the Zip file format, which inside the file contains many different files that look similar to normal games, such as Game.exe, Data1. Pak and other supporting files. This compressed file is uploaded on Webhard, a popular file depository service in South Korea. Web services in this format, when new files are uploaded and interesting files are named, people buy files from the platform. The uploader gets a share of the file value. This is called. In addition to tricking the victim into downloading the malware file from the naming of the interesting file, they earn revenue. This is called the whole box.

After the victim downloads a fake game file and unfolds it and runs the Game.exe file, it will find a menu screen similar to the game launcher or the launcher. But after the victim presses the Play button to play the game, the malware will start immediately by copying the Data1.Pak file to the Locales _ module folder under the name Play.exe. Meanwhile, the malware will copy Data2.Pak and Data3.Pak files to the Windows Explorer folder under the names GoogleUpdate.exe and WinUpdate.db.

After all files have been deployed in a given folder, the malware will run the GoogleUpdate.exe file. The file will search for WinUpdate.db files in the same folder and decryption them. Using the AEC algorithm to extract the last Shellcode malware code and shoot the code to a process called explorer.exe, which is an important Windows process, giving the malware the highest level of access to the system (SYSTEM). In addition, to firing the code into the process, the EtwEventWrite function is used with the Return Instruction command to disable it. Windows Logging's Event Tracing makes it difficult to detect the installation and operation of malware. It also prevents detection by various cyber protection tools on board, so that it can be called a stabilization technique or a type of Persistence.

After everything is ready, it will actually shoot down the last code. This is the code of the xRAT malware that is effective at stealing a variety of data - storing system data, secretly trapping keyboard data, and smuggling file theft back to hackers or even sending files from hackers into the machine. In the wake of the misfortune, the source has warned that users are extremely careful to download files for the security of the data and the machine.

# Trending # Lemon 8 Howtoo # Drug sign with lemon8 # lemon 8 diary # freedomhack