Gamers are being targeted by more dangerous malware
Hackers are selling malware under the guise of legit software
Gamers are being targeted by a dangerous and potent malware strain that some researchers believe could be a stepping stone towards attacking corporate targets.
Cybersecurity researchers from AT&T recently discovered a remote access trojan (RAT) named “SeroXen” being advertised and sold on the dark web and in Discord channels.
SeroXen is built from a number of known components, including the Quasar RAT, the r77 rootkit, and NirCmd. It is hard to detect and offers a number of dangerous functionalities.
Selling malware
“The SeroXen developer has found a formidable combination of free resources to develop a hard to detect in static and dynamic analysis RAT,” AT&T says in its report.
“The use of an elaborated open-source RAT like Quasar, with almost a decade since its first appearance, makes an advantageous foundation for the RAT,” the company says, further stating that “the combination of NirCMD and r77-rootkit are logical additions to the mix, since they make the tool more elusive and harder to detect.”
Quasar allows for reverse proxy, remote shell, remote desktop, TLS communication, and file management, and is available on GitHub. The r77 rootkit offers file-less persistence, child process hooking, malware embedding, in-memory process injection, and antivirus evasion, while NirCmd is meant for simple Windows system tasks, as well as peripheral management tasks.
Some threat actors were observed advertising the tool as a legitimate remote access program for Windows 10 and Windows 11. They’re even charging for it: $15 a month, or $60 for a lifetime license. It remains unclear if the website was built by SeroXen’s developers, or affiliates.
At the moment, most of the victims are gamers, but the researchers fear that as its popularity grows, the tool might be picked up by more ambitious actors that could target small or medium-sized businesses (SMBs) and corporate entities, both in the private and public sectors.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.