
NukeSped RAT

Posted: October 28, 2019

The NukeSped RAT is a Remote Access Trojan that can give an attacker control over your PC. It bears characteristics typical of North Korean threat actors, and its infection produces no symptoms that are particularly visible to victims. Competent anti-malware services should protect your PC and remove the NukeSped RAT automatically, before any confidential data is compromised.

Trojans Speeding Along under the Power of Their Forebears

The umbrella entity of the Lazarus Group, AKA Hidden Cobra, appears to be at work again with a new attack tool for the expected purposes of monitoring and dominating victims' computers. In this case, the Trojan is a probable update of the HOPLIGHT Trojan, a backdoor Trojan that used digital certificates as its cover. The Trojan of the hour, the NukeSped RAT, copies both the function structures and the functions themselves from its predecessor.

The NukeSped RAT invokes few APIs and imports few DLL files by default, as part of a handful of anti-analysis behaviors and features. Depending on the version, it may or may not configure a service for system persistence; alternately, it can use a Registry key.

Malware experts are confident in verifying the following functions in the NukeSped RAT, which runs on a traditional 'listen, execute, and relay results' format:

  • The Trojan can perform various operations on processes in memory, including creating or terminating them, and iterating running ones to report them to the attacker.
  • The NukeSped RAT has matching functionality for files, which it may read, write, iterate, or even move to other locations. Importantly, it also can download and launch files, which most RATs use for escalating infections.
  • Further interest in detection avoidance is apparent in the RAT's ability to uninstall itself, along with any artifacts indicating the compromise of the PC.
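The persistence mechanisms (a service or a Registry key) and the 'download and launch files' capability described above are the behaviors a defender can most readily watch for in endpoint telemetry. The following is an added example, not code from the original page or from any analysis of the NukeSped RAT itself: a small Python heuristic run over constructed Sysmon/System-log style records. The record field names, the sample values, the autorun key list, and the staging-directory and lure-application lists are all assumptions chosen for illustration, not indicators taken from the page.

```python
"""Added example (not from the original page): heuristic detection of the
persistence and 'download and launch' behaviours the write-up attributes to
the NukeSped RAT, run over constructed Sysmon/System-log style records.
Field names, sample values and watch-lists are constructed for illustration."""
import re
from typing import Dict, List

# Autorun Registry locations commonly abused for persistence (assumption:
# these are the ones chosen to watch; the page names no specific key).
RUN_KEY_RE = re.compile(
    r"\\(Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)|"
    r"Microsoft\\Windows NT\\CurrentVersion\\Winlogon)\b",
    re.IGNORECASE,
)
# Writable staging directories from which a downloaded payload is typically
# launched (assumption, for illustration).
STAGING_DIR_RE = re.compile(
    r"\\(Downloads|AppData\\Local\\Temp|Temp|Public)\\", re.IGNORECASE
)
# Parent processes whose child .exe suggests a user opened a lure (assumption).
LURE_PARENTS = {"outlook.exe", "winword.exe", "excel.exe", "thunderbird.exe"}


def classify_event(ev: Dict[str, str]) -> List[str]:
    """Return the list of suspicious behaviour tags a single event matches."""
    hits: List[str] = []
    kind = ev.get("type")
    if kind == "registry_set" and RUN_KEY_RE.search(ev.get("target", "")):
        # Registry-key persistence, one of the two options the page describes.
        hits.append("persistence:registry_autorun")
    elif kind == "service_install":
        # Service persistence: flag a new service whose binary lives outside
        # the Windows directory.
        image = ev.get("image", "")
        if not re.search(r"^[A-Z]:\\Windows\\", image, re.IGNORECASE):
            hits.append("persistence:service_nonstandard_path")
    elif kind == "process_create":
        # 'Download and launch': an executable started from a staging
        # directory, or spawned directly by a mail/office client.
        image = ev.get("image", "")
        parent = ev.get("parent_image", "").rsplit("\\", 1)[-1].lower()
        if STAGING_DIR_RE.search(image):
            hits.append("execution:staging_dir")
        if parent in LURE_PARENTS and image.lower().endswith(".exe"):
            hits.append("execution:spawned_by_lure_app")
    return hits


def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run classify_event over an event stream and keep only flagged records."""
    findings: List[Dict[str, object]] = []
    for ev in events:
        tags = classify_event(ev)
        if tags:
            findings.append({"host": ev.get("host"), "tags": tags, "event": ev})
    return findings


# Constructed sample telemetry; none of these paths or names are real IoCs.
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "process_create",
     "image": r"C:\Users\jdoe\Downloads\invoice_2019.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"host": "WS-01", "type": "registry_set",
     "target": r"HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\jdoe\AppData\Local\Temp\svchost_update.exe"},
    {"host": "SRV-02", "type": "service_install",
     "name": "WinHelperSvc", "image": r"C:\ProgramData\helper\helper.exe"},
    {"host": "WS-03", "type": "process_create",
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["host"], ", ".join(finding["tags"]))
```

Each heuristic on its own is noisy (legitimate installers also write Run keys and register services), so in practice the tags are meant to be correlated per host and per time window: a lure-spawned executable in a staging directory followed shortly by a new autorun entry or service on the same host is the sequence worth escalating, and the benign fourth record shows the rules staying quiet on ordinary activity.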

It also bears noting that the NukeSped RAT's central function organization is very similar to that of FALLCHILL. That program is another Lazarus Group RAT, although it includes 64-bit support that malware analysts can't confirm in the NukeSped RAT.

Taking the Nuclear Power Out of Trojan Espionage

Campaigns from the North Korean actor who bears the apparent responsibility for the NukeSped RAT's existence include different targets and methodology, albeit always with a reasonable level of professionalism. Since 2017, however, Lazarus Group has concentrated on data-exfiltrating operations that monitor systems covertly and collect passwords and other credentials. Network administrators in military organizations, diplomatic embassies, banking institutions, and similarly likely targets should implement appropriate practices for blocking any attacks leveraging the NukeSped RAT and other RATs.

One of the most likely vectors for the NukeSped RAT's distribution is a phishing lure, which uses e-mail or social messaging platforms to trick users into opening unsafe content. Users should anticipate disguises that are target-relevant, such as an invoice or an article about the organization in question. Updating software to its latest builds and using strong passwords can provide additional protection. While AV products can remove Trojans, they can't return collected information, or money, in some cases of Lazarus Group's attacks. Having the foresight to keep your PC from becoming a battlefield in cyber-warfare is preferable to winning any individual battle.
