Thursday, January 23, 2025
HomeCyber Security NewsNew NonEuclid RAT Evades Antivirus and Encrypts Critical Files

New NonEuclid RAT Evades Antivirus and Encrypts Critical Files

Published on

SIEM as a Service

Follow Us on Google News

A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has been shown to pose a significant and ever-evolving cyber threat. 

The malware leverages a multifaceted approach to evade detection and maintain persistence, employing advanced techniques such as antivirus bypass, anti-detection mechanisms, anti-virtual machine checks, rootkit-like capabilities to conceal its presence, and the ability to modify system processes. 

NonEuclid employs privilege escalation methods, such as User Account Control (UAC) bypass and exploitation of system vulnerabilities, to gain elevated system privileges and execute commands with increased authority, enabling it to manipulate critical system functions and compromise sensitive data.

Initial Connection
Initial Connection

It also incorporates ransomware capabilities, encrypting specific file types like .CSV, .TXT, and .PHP and appending the “.NonEuclid” extension to the filenames, effectively holding critical data hostage and disrupting business operations. 

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Distributed through various channels, including social media, underground forums, and phishing campaigns, NonEuclid presents a serious risk to both organizations and individuals due to its stealthy operations, evasive tactics, and destructive potential.

The malware utilizes a combination of techniques to maintain persistence, including scheduled tasks, manipulation of the Windows Registry, service manipulation, and the creation of hidden files and directories that ensure its continued presence on the infected system and hinder removal efforts. 

Camera access
Camera access

NonEuclid’s advanced features include such as dynamic DLL loading, robust AES encryption, the ability to steal sensitive information like credentials, system data, and cryptocurrency wallets. 

The capability to remotely control infected systems for malicious activities like data exfiltration, botnet participation, and launching further attacks.

According to Cyfirma, the potential for lateral movement within a network significantly enhances its resilience against detection and removal efforts, making it a highly challenging and dangerous threat to mitigate.

numerous users across various Russian forums and Discord channels were actively advertising, selling, and discussing the NonEuclid RAT
numerous users across various Russian forums and Discord channels were actively advertising, selling, and discussing the NonEuclid RAT

In order to escape security measures and deliver ransomware payloads, the NonEuclid Remote Access Tool (RAT) makes use of sophisticated techniques such as stealth mechanisms, anti-detection, and privilege escalation. 

Its widespread dissemination across online platforms demonstrates that it is becoming increasingly popular among cybercriminals and presents significant challenges to those who are tasked with protecting against it.

To mitigate threats like NonEuclid RAT, organizations should enhance threat intelligence sharing, invest in AI-driven security tools, deploy EDR solutions, strengthen user awareness, implement strict privilege management, and perform regular patch management and audits.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...