The group behind SilverRAT, a sophisticated remote access Trojan, is linked to both Turkey and Syria. They plan to release an updated version of the tool to allow control over compromised Windows systems and Android devices.
According to a threat analysis published on Jan. 3, SilverRAT v1 currently works only on Windows systems and allows the building of malware for keylogging and ransomware attacks. The report, from Singapore-based Cyfirma, states that it also includes destructive features, such as the ability to delete system restore points.
The tool demonstrates that the region’s cybercriminal groups are becoming more sophisticated and dynamic. The first version of SilverRAT, leaked by unknown actors in October, consists of a builder that allows the user to construct a remote access Trojan with specific features.
At least two threat actors, under the handles “Dangerous silver” and “Monstermc,” are the developers behind SilverRAT. They operate on Telegram and online forums, where they engage in activities such as selling malware-as-a-service and offering DDoS attacks on demand. The group is active on Middle Eastern forums and has developed a botnet called “BossNet” to conduct DDoS attacks.
Sarah Jones, a cyber threat intelligence research analyst, suggests that while state-sponsored hacking groups have dominated the Middle East threat landscape, homegrown groups like Anonymous Arabic continue to proliferate in the cybercrime markets.
A profile of young hackers in the Middle East revealed that at least one member of the Anonymous Arabic group started as a game hacker before moving on to cybercrime.
The United States Department of Homeland Security’s Cyber Safety Review Board has identified young hackers as an existential danger due to their transition into cybercriminal enterprises.
Beyond the development of SilverRAT itself, the case exemplifies the evolving nature of the underground markets in the region.