A recent development in the cybersecurity realm reveals the emergence of a sophisticated remote access trojan (RAT) known as Xeno RAT, which has been released on GitHub by an individual using the pseudonym moom825. This RAT, written in C# and compatible with Windows 10 and 11, offers a wide array of features for remote system management, including a SOCKS5 reverse proxy and real-time audio recording capabilities.
Moreover, Xeno RAT boasts a hidden virtual network computing (hVNC) module similar to DarkVNC, enabling attackers to remotely access infected computers. The malware is unique in that it is built entirely from scratch and has a builder that allows for the creation of customized variants.
Cybersecurity firm Cyfirma recently reported the distribution of Xeno RAT via the Discord content delivery network (CDN), highlighting a growing trend of freely available malware driving an uptick in RAT-related cyber campaigns. Notably, moom825, the developer behind Xeno RAT, also created DiscordRAT 2.0, which was circulated by threat actors through a malicious npm package called node-hide-console-windows.
In a separate revelation, the AhnLab Security Intelligence Center (ASEC) uncovered a variant of the Gh0st RAT called Nood RAT, designed to target Linux systems and facilitate data exfiltration. Nood RAT is equipped with encryption capabilities to evade network packet detection and can execute various malicious commands as directed by threat actors.
These developments underscore the increasing sophistication and prevalence of malicious tools in the cybersecurity landscape, posing a significant threat to individuals and organizations.
