
{"id":5479,"date":"2020-03-11T11:54:02","date_gmt":"2020-03-11T11:54:02","guid":{"rendered":"https:\/\/fintech.global\/cybertechforum\/?p=5479"},"modified":"2020-03-11T11:54:02","modified_gmt":"2020-03-11T11:54:02","slug":"hackers-are-hacking-hackers-in-a-new-unearthed-widespread-campaign","status":"publish","type":"post","link":"https:\/\/fintech.global\/cybertechforum\/hackers-are-hacking-hackers-in-a-new-unearthed-widespread-campaign\/","title":{"rendered":"Hackers are hacking hackers in a new unearthed widespread campaign"},"content":{"rendered":"<p><em>From:\u00a0<\/em><a href=\"http:\/\/member.regtechanalyst.com\/hackers-are-hacking-hackers-in-a-new-unearthed-widespread-campaign\/\">RegTech Analyst\u00a0<\/a><\/p>\n<p><strong>It seems as if some hackers have been given a taste of their own medicine in a campaign where threat actors baited hackers with infected hacking tools.<\/strong><\/p>\n<p>The hacking tools were infected with njRat, a RAT program that enables the person behind it to take control of the infected device, according to an investigation from\u00a0<a href=\"https:\/\/www.cybereason.com\/blog\/whos-hacking-the-hackers-no-honor-among-thieves\">Cybereason<\/a>.<\/p>\n<p>\u201cnjRat is popular in the Middle East and gives its operators the ability to hijack the victim\u2019s machine for keylogging, taking screenshots, file manipulation and exfiltration, webcam and microphone recording,\u201d wrote Amit Serper, the security researcher behind the report.<\/p>\n<p>The tools infected with the remote access trojan were then posted on several forums and websites.<\/p>\n<p>Serper also uncovered what he referred to as a \u201cmalware factory\u201d where the people behind the hacker-hacking tools released new iterations on a daily basis.<\/p>\n<p>Serper said that it seems as if the campaign has \u201cbeen going on for several years\u201d and that he and his team had found hundreds of samples.<\/p>\n<p>When looking at samples of the strain it seemed as if 
the njRat was contacting two IP addresses: a hacked Indian office supplier manufacturer\u2019s website and capeturk.com.<\/p>\n<p>Up until 2018, capeturk.com had been operating as a Turkish gaming website dedicated to Minecraft. However, in November 2018 the domain expired and was registered by a Vietnamese individual.<\/p>\n<p>While Serper states that it is unclear if this individual is behind the campaign, he did note that someone he suspected to be tied to the Vietnamese domain ownership is often testing samples of the trojan by submitting them to VirusTotal.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From:\u00a0RegTech Analyst\u00a0 It seems as if some hackers have been given a taste of their own medicine in a campaign where threat actors baited hackers with infected hacking tools. The hacking tools were infected with njRat, a RAT program that enables the person behind it to take control of the infected device, according to an&#8230; <\/p>\n<div class=\"clear\"><\/div>\n<p><a href=\"https:\/\/fintech.global\/cybertechforum\/hackers-are-hacking-hackers-in-a-new-unearthed-widespread-campaign\/\" class=\"gdlr-info-font excerpt-read-more\">Read 
More<\/a><\/p>\n","protected":false},"author":10,"featured_media":5480,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/posts\/5479"}],"collection":[{"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/comments?post=5479"}],"version-history":[{"count":0,"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/posts\/5479\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/media\/5480"}],"wp:attachment":[{"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/media?parent=5479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/categories?post=5479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fintech.global\/cybertechforum\/wp-json\/wp\/v2\/tags?post=5479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}