BIOPASS RAT: New Malware Sniffs Victims via Live Streaming

BIOPASS RAT

15th July 2021, Kathmandu

We found a new malware family that targets online gambling companies in China. It is delivered through a watering hole attack: visitors to the compromised sites are tricked into downloading a malware loader disguised as a legitimate installer for well-known apps such as Adobe Flash Player or Microsoft Silverlight.

Closer examination of the loader shows that it loads either a previously undocumented backdoor written in Python or a Cobalt Strike shellcode. We named the new malware BIOPASS RAT (remote access trojan).

BIOPASS RAT has the main features found in other malware of its kind, such as file system assessment, remote desktop access, file exfiltration, and shell command execution.

It can also compromise the personal information of its victims by stealing web browser and instant messaging client data.

BIOPASS RAT is especially interesting because it can sniff its victim's screen by abusing the framework of Open Broadcaster Software (OBS) Studio, a popular video recording and live streaming app, to establish a live stream to a cloud service via Real-Time Messaging Protocol (RTMP).

In addition, the attack misuses the Object Storage Service (OSS) of Alibaba Cloud (Aliyun) to host the BIOPASS RAT Python scripts and to store the data exfiltrated from victims.

BIOPASS RAT is still being actively developed. For example, several markers that we discovered during analysis refer to different versions of the RAT code, such as "V2" or "BPSV3".

Many of the loaders we found were used to load Cobalt Strike shellcode by default instead of the BIOPASS RAT malware.

Furthermore, BIOPASS RAT also creates scheduled tasks to load the Cobalt Strike shellcode during initialization, indicating that the malicious actor behind the attack still relies heavily on Cobalt Strike.
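The behaviours described above (an installer-lookalike loader that runs a Python payload, RTMP screen streaming from a process that is not OBS itself, and a scheduled task that re-loads the payload) can be turned into simple correlation rules over endpoint telemetry. The following is an added example and not code from the article or from the original research; the event format, process names and the sample events are constructed assumptions, and TCP 1935 is RTMP's default port.

```python
# Added detection example over constructed endpoint telemetry; the event
# schema, process names and sample data below are assumptions, not IoCs
# from the article. Port 1935 is the default RTMP port.
from collections import defaultdict

RTMP_PORT = 1935
LEGIT_STREAMERS = {"obs64.exe", "obs32.exe"}   # assumed legitimate OBS binaries
INSTALLER_LURES = ("flash", "silverlight")     # lure names the article mentions
PYTHON_NAMES = {"python.exe", "pythonw.exe"}


def rule_installer_spawns_python(ev):
    """A fake Flash/Silverlight installer launching a Python interpreter."""
    return (ev["type"] == "process"
            and ev["child"].lower() in PYTHON_NAMES
            and any(lure in ev["parent"].lower() for lure in INSTALLER_LURES))


def rule_rtmp_from_non_obs(ev):
    """Outbound RTMP stream from a process other than OBS itself (screen sniffing)."""
    return (ev["type"] == "network" and ev["dport"] == RTMP_PORT
            and ev["process"].lower() not in LEGIT_STREAMERS)


def rule_task_runs_python(ev):
    """Scheduled task whose action runs Python (persistence that re-loads the payload)."""
    return (ev["type"] == "schtask"
            and any(name in ev["action"].lower() for name in PYTHON_NAMES))


RULES = [rule_installer_spawns_python, rule_rtmp_from_non_obs, rule_task_runs_python]


def triage(events, min_hits=2):
    """Return {host: sorted rule names} for hosts matching at least min_hits distinct rules."""
    hits = defaultdict(set)
    for ev in events:
        for rule in RULES:
            if rule(ev):
                hits[ev["host"]].add(rule.__name__)
    return {host: sorted(names) for host, names in hits.items() if len(names) >= min_hits}


# Constructed sample telemetry: one suspicious host (ws1) and one legitimate OBS user (ws2).
SAMPLE = [
    {"host": "ws1", "type": "process", "parent": "flash_installer.exe", "child": "python.exe"},
    {"host": "ws1", "type": "network", "process": "python.exe", "dport": 1935},
    {"host": "ws1", "type": "schtask", "action": "C:\\public\\python.exe C:\\public\\main.py"},
    {"host": "ws2", "type": "network", "process": "obs64.exe", "dport": 1935},
]

if __name__ == "__main__":
    print(triage(SAMPLE))  # {'ws1': ['rule_installer_spawns_python', 'rule_rtmp_from_non_obs', 'rule_task_runs_python']}
```

Requiring two or more distinct rules per host keeps a lone legitimate OBS stream or a stray Python task from paging anyone, while a host showing the whole chain stands out.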

We also found many clues that suggest how the malware might be associated with the Winnti Group (also known as APT41).

