The creator of the new “CodeRAT” backdoor posted the malware’s source code online after being confronted by security researchers, according to cybersecurity company SafeBreach. The new remote access Trojan (RAT) was observed being spread through a malicious Word document containing a Dynamic Data Exchange (DDE) exploit.
Supporting about 50 commands, the CodeRAT malware appears to be targeted at Iranian users and is built to monitor a victim’s activity both locally (in documents, databases, and IDEs) and online (on social networks, games, and pornographic websites). Evidence reveals that CodeRAT is currently being used to target Iranian developers, according to SafeBreach.
Targeting particular programs (Visual Studio, Python, PhpStorm, and Verilog), lure documents in Farsi, and the sensitive window This viewpoint is supported by Tehran-based Digikala, an Iranian online retailer.