A known Chinese threat actor is recycling old malware, in an attempt to evade detection, cut down on costs, and send researchers on a wild goose chase.
A report from Symantec says the group, known as Webworm, has used at least three ancient malware variants (and by “ancient”, we mean from 2008 – 2017), modified them a little bit, and then tested them out against IT service providers in Asia to see how they work.
Given the malware’s age, the variants sometimes manage to fly under antivirus solutions’ radars, the researchers added.
The first one is called Trochilus RAT, in circulation since at least 2015, and freely available on GitHub.
It was first discovered attacking people visiting a Myanmar website. Webworm tweaked it so that it can load its configuration from a file by checking in a set of hardcoded directories. It was also said to have the ability to move laterally across endpoints in the target network, for better access.
The second one is 9002 RAT, a stealthy remote access trojan that’s now gotten better encryption for its communication protocol, which made it even more difficult to detect.
Finally, the third is called Gh0st RAT, a 14-year-old trojan that …