BIOPASS RAT: New Malware Sniffs Victims via Live Streaming


15th July 2021, Kathmandu

Researchers have discovered new malware that targets online gambling companies in China through a watering hole attack. Visitors to the compromised sites are tricked into downloading a malware loader disguised as a legitimate installer for well-known applications such as Adobe Flash Player or Microsoft Silverlight.

Closer examination of the loader shows that it loads either a previously undocumented backdoor written in Python or Cobalt Strike shellcode. The new Python backdoor has been named BIOPASS RAT (remote access trojan).

BIOPASS RAT has the main features found in other malware of its kind, such as file system assessment, remote desktop access, file exfiltration, and shell command execution.

It can also steal its victims’ personal information by harvesting web browser and instant messaging client data.

BIOPASS RAT is especially interesting because it can sniff its victim’s screen by abusing the framework of Open Broadcaster Software (OBS) Studio, a popular video recording and live streaming application, to establish a live stream to a cloud service via the Real-Time Messaging Protocol (RTMP).

In addition, the attack misuses the Object Storage Service (OSS) of Alibaba Cloud (Aliyun) both to host the BIOPASS RAT Python scripts and to store the data exfiltrated from victims.

BIOPASS RAT is still under active development. For example, several markers found during analysis refer to different versions of the RAT code, such as “V2” or “BPSV3”.

Many of the loaders that were found load Cobalt Strike shellcode by default instead of the BIOPASS RAT malware.

Furthermore, BIOPASS RAT also creates scheduled tasks to load the Cobalt Strike shellcode during initialization, indicating that the threat actor behind the attack still relies heavily on Cobalt Strike.
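The behaviours described above (a lure installer dropped in a user directory, an RTMP stream started by something other than the real OBS Studio binary, and a scheduled task pointing at a dropped binary) are the kind of signals a defender can hunt for in endpoint telemetry. The script below is an added example written for this article, not code from the original report or from the malware itself; the log line format and the sample events are constructed, and the process names, ports and directory patterns it checks are assumptions about what ordinary EDR data looks like.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample telemetry (not from the original article). The line format
# "<timestamp> <event_type> key=value ..." is a hypothetical EDR export.
SAMPLE_EVENTS = [
    r"2021-07-15T10:00:01Z process_start pid=4120 image=C:\Users\alice\Downloads\flashplayer_install.exe parent=explorer.exe",
    r"2021-07-15T10:00:05Z netconn pid=4120 dest=203.0.113.10 port=1935 proto=tcp",
    r"2021-07-15T10:00:06Z task_create pid=4120 name=UpdateCheck action=C:\Users\alice\AppData\Local\Temp\loader.exe",
    r"2021-07-15T10:01:00Z netconn pid=900 dest=192.0.2.5 port=443 proto=tcp",
    r"2021-07-15T10:02:00Z process_start pid=5000 image=C:\Program Files\obs-studio\bin\64bit\obs64.exe parent=explorer.exe",
    r"2021-07-15T10:02:03Z netconn pid=5000 dest=198.51.100.7 port=1935 proto=tcp",
]

# Default RTMP port; an assumption, since RTMP can run over other ports (and RTMPS over 443).
RTMP_PORT = "1935"
# Executable names of genuine OBS Studio builds (assumed); anything else speaking RTMP deserves a look.
OBS_IMAGES = ("obs64.exe", "obs32.exe")
# Directories a normal user can write to, where dropped loaders typically live.
USER_WRITABLE = re.compile(r"\\(Downloads|Temp|AppData)\\", re.IGNORECASE)
# Installer lures named in the article; both products were end-of-life by 2021.
LURE_NAMES = re.compile(r"(flash ?player|silverlight)", re.IGNORECASE)

# key=value pairs; values may contain spaces (e.g. "Program Files"), so stop
# only before the next " key=" token or at end of line.
KV = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split one log line into a dict holding 'ts', 'type' and its key=value fields."""
    ts, etype, rest = line.split(" ", 2)
    fields = {k: v for k, v in KV.findall(rest)}
    fields["ts"] = ts
    fields["type"] = etype
    return fields


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, pid, finding) tuples for the three heuristics."""
    image_by_pid: Dict[str, str] = {}
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        ev = parse_event(line)
        pid = ev.get("pid", "?")
        if ev["type"] == "process_start":
            image_by_pid[pid] = ev["image"]
            # Heuristic 1: a "Flash Player" / "Silverlight" installer launched from a user directory.
            if LURE_NAMES.search(basename(ev["image"])) and USER_WRITABLE.search(ev["image"]):
                findings.append((ev["ts"], pid, "installer_lure_in_user_dir"))
        elif ev["type"] == "netconn" and ev.get("port") == RTMP_PORT:
            # Heuristic 2: RTMP traffic from a process that is not the real OBS binary
            # (an unknown pid is treated as suspicious too).
            image = image_by_pid.get(pid, "")
            if basename(image) not in OBS_IMAGES:
                findings.append((ev["ts"], pid, "rtmp_from_non_obs_process"))
        elif ev["type"] == "task_create" and USER_WRITABLE.search(ev.get("action", "")):
            # Heuristic 3: a scheduled task whose action is a binary in a user-writable directory.
            findings.append((ev["ts"], pid, "scheduled_task_runs_user_dir_binary"))
    return findings


if __name__ == "__main__":
    for ts, pid, what in analyze(SAMPLE_EVENTS):
        print(ts, pid, what)
```

Run as-is, the script reports three findings, all for pid 4120, and stays silent for the genuine obs64.exe stream and the ordinary HTTPS connection. The port-based RTMP check is deliberately a weak signal on its own: a renamed OBS binary or RTMPS on port 443 would slip past it, which is why it is combined with the lure-installer and scheduled-task heuristics rather than used alone.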

Several clues also suggest that the malware may be linked to the Winnti Group (also known as APT41).
