BLADABINDI, also known as njRAT/Njw0rm, is a remote access tool (RAT) with a myriad of backdoor capabilities — from keylogging to carrying out distributed denial of service (DDoS) — and has been rehashed and reused in various cyberespionage campaigns since it first emerged. Indeed, BLADABINDI’s customizability and seeming availability in the underground make it a prevalent threat. Case in point: Last week, we came across a worm (detected by Trend Micro as Worm.Win32.BLADABINDI.AA) that propagates through removable drives and installs a fileless version of the BLADABINDI backdoor.Read More
We came across a new version of a cryptocurrency-mining RETADUP worm (detected by Trend Micro as WORM_RETADUP.G) through feedback from our managed detection and response-related monitoring. This new variant is coded in AutoHotKey, an open-source scripting language used in Windows for creating hotkeys (i.e., keyboard shortcuts, macros, software automation). AutoHotKey is relatively similar to the script automation utility AutoIt, from which RETADUP’s earlier variants were based on and used for both cybercrime and cyberespionage.
We identified this threat via an endpoint — from an organization in the public sector — that had related malware artifacts (as RETADUP was promptly blocked). Further analyzing and correlating them based on their C&C protocol and our own RETADUP detections, we found that they were similar to other samples we sourced. These indicate that, at least for now, RETADUP’s operators — despite their history in deploying their malware in targeted attacks — are focusing on cybercriminal cryptocurrency mining.Read More
Early this year, Trend Micro researcher Kyle Wilhoit observed an increase in the use of AutoIt in several hacker tools and malware, which were typically uploaded on sites like Pastebin and Pastie. In the said blog post, Kyle noted that because of AutoIt’s easy-to-learn language, we can expect more threat actors to incorporate this scripting language in their…Read More
AutoIt is a very flexible coding language that’s been used since 1999 by coders looking for a fast, easy, and flexible scripting language in Windows. From simple scripts that change text files to scripts that perform mass downloads with complex GUIs, AutoIt is an easy-to-learn language that allows for quick development. The trend for malicious…Read More