fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New RAT Malware Gets Commands Via Discord, Has Ransomware Feature

New RAT Malware Gets Commands Via Discord, Has Ransomware Feature

The new ‘Abaddon’ remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware.

Threat actors abusing Discord for malicious activity is nothing new.

In the past, we have reported on how threat actors use Discord as a stolen data drop or have created malware that modifies the Discord client to have it steal credentials and other information.

RAT uses Discord as a full C2 server

A new ‘Abaddon’ remote access trojan (RAT) discovered by MalwareHunterTeam, though, could be the first malware that uses Discord as a full-fledge command and control server.

A command and control server (C2) is a remote host that malware receives commands to execute on an infected computer.

When started, Abaddon will automatically steal the following data from an infected PC:

  • Chrome cookies, saved credit cards, and credentials.Code showing the stealing of Chrome dataCode showing the stealing of Chrome data
  • Steam credentials and list of installed gamesCode showing Steam data theftCode showing Steam data theft
  • Discord tokens and MFA information.
  • File listings
  • System information such as country, IP address, and hardware information.

Abaddon will then connect to the Discord command and control server to check for new commands to execute, as shown by the image below.

Receive a task from the Discord server
Receive a task from the Discord server

These commands will tell the malware to perform one of the following tasks:

  • Steal a file or entire directories from the computer
  • Get a list of drives
  • Open a reverse shell that allows the attacker to execute commands on the infected PC.
  • Launch in-development ransomware (more later on this).
  • Send back any collected information and clear the existing collection of data.

Also Read: PDPA For Companies: Compliance Guide For Singapore Business

The malware will connect to the C2 every ten seconds for new tasks to execute.

Using a Discord C2 server, the threat actor can continually monitor their collection of infected PCs for new data and execute further commands or malware on the computer.

Developing a basic ransomware

One of the tasks that can be executed by the malware is to encrypt the computer with basic ransomware and decrypt files after a ransom is paid.

This feature is currently in development as its ransom note template contains filler as the developer works on this feature.

In-development ransomware component
In-development ransomware component

With ransomware being extremely lucrative, it would not be surprising to see this feature completed in the future.

Also Read: Trusted Data Sharing Framework IMDA Announced In Singapore

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us