Study finds repackaged malware used to attack other hackers

In a new round of malware campaigns, Cybereason’s Amit Serper found that by repackaging infected malware, hackers themselves have been targeted by other hackers. For years, hackers have generally used existing tools to carry out cybercrime operations, such as stealing data from a database and unlocking the full version of the trial software by cracking/registering code generators.

Study finds repackaged malware used to attack other hackers

njRat infographic (from: Cybereason)

Yet powerful remote tools themselves have become targets for some ulterior motives. By injecting a Trojan, the producer can gain full access to the target computer when the tool is turned on.

Amit Serper says attackers tend to post repackaged tools on hacker forums to ‘trick’ other hackers and even open backdoors for systems that have been compromised by malware.

If hackers use these Trojan tools to launch cyberattacks on a business, including the white hat for security research, the person who repackages the attack tool will also be able to access the victim’s sensitive data.

It is understood that these as far as unknown attackers are using powerful njRat trojans to inject code and repackage hacking tools that give them full access to the target desktop, files, Trojans, and even webcams and microphones.

The Trojan dates back at least to 2013, when it was often used against targets in the Middle East, spreading through phishing emails and infected flash drives.

Recently, however, hackers have injected malware into dormant or unsafe websites to evade detection. In the case of the recent attack, it is known that the people behind it are using the same hacking techniques to host njRat.

Amit Serper points out that the attacker compromised several websites that they did not know who owned to host hundreds of njRat malware samples and the infrastructure that the attacker used to control.

To make matters worse, this process of injecting the njRat Trojan into a hacker tool occurs almost daily, meaning that it may have been done automatically without direct intervention.

The exact reason for the attack and the exact reason for the attack is not immediately known.