Cyber Security News

New NonEuclid RAT Evades Antivirus and Encrypts Critical Files

A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has been shown to pose a significant and ever-evolving cyber threat. 

The malware leverages a multifaceted approach to evade detection and maintain persistence, employing advanced techniques such as antivirus bypass, anti-detection mechanisms, anti-virtual machine checks, rootkit-like capabilities to conceal its presence, and the ability to modify system processes. 

NonEuclid employs privilege escalation methods, such as User Account Control (UAC) bypass and exploitation of system vulnerabilities, to gain elevated system privileges and execute commands with increased authority, enabling it to manipulate critical system functions and compromise sensitive data.

Initial ConnectionInitial Connection
Initial Connection

It also incorporates ransomware capabilities, encrypting specific file types like .CSV, .TXT, and .PHP and appending the “.NonEuclid” extension to the filenames, effectively holding critical data hostage and disrupting business operations. 

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Distributed through various channels, including social media, underground forums, and phishing campaigns, NonEuclid presents a serious risk to both organizations and individuals due to its stealthy operations, evasive tactics, and destructive potential.

The malware utilizes a combination of techniques to maintain persistence, including scheduled tasks, manipulation of the Windows Registry, service manipulation, and the creation of hidden files and directories that ensure its continued presence on the infected system and hinder removal efforts. 

Camera access

NonEuclid’s advanced features include such as dynamic DLL loading, robust AES encryption, the ability to steal sensitive information like credentials, system data, and cryptocurrency wallets. 

The capability to remotely control infected systems for malicious activities like data exfiltration, botnet participation, and launching further attacks.

According to Cyfirma, the potential for lateral movement within a network significantly enhances its resilience against detection and removal efforts, making it a highly challenging and dangerous threat to mitigate.

numerous users across various Russian forums and Discord channels were actively advertising, selling, and discussing the NonEuclid RAT

In order to escape security measures and deliver ransomware payloads, the NonEuclid Remote Access Tool (RAT) makes use of sophisticated techniques such as stealth mechanisms, anti-detection, and privilege escalation. 

Its widespread dissemination across online platforms demonstrates that it is becoming increasingly popular among cybercriminals and presents significant challenges to those who are tasked with protecting against it.

To mitigate threats like NonEuclid RAT, organizations should enhance threat intelligence sharing, invest in AI-driven security tools, deploy EDR solutions, strengthen user awareness, implement strict privilege management, and perform regular patch management and audits.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly…

9 hours ago

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service…

9 hours ago

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has…

9 hours ago

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised…

10 hours ago

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models…

11 hours ago

Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default…

11 hours ago