Cyber Security News

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games like Badugi, Go-Stop, and Hold’em to disguise itself as a malicious program. 

The attackers created a fraudulent gambling website that, when accessed, prompts users to download a game launcher.

Instead of initiating the game, the launcher installs the malicious WrnRAT software. 

Once installed, WrnRAT grants attackers remote control over the infected system, enabling them to steal sensitive information and potentially execute further malicious actions. 

Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo

Deceitful page for downloading gambling games

Malware, likely initially installed through a Korean-commented batch script, is distributed via platforms like HFS.

HFS acts as a dropper, introducing additional malware into the system. The malware’s primary function appears to be data theft, and it could particularly target sensitive information.

The .NET-based dropper malware, disguised as installers, infiltrates systems. Upon execution, it spawns a launcher and the WrnRAT trojan, masking it as “iexplorer.exe” within an Internet Explorer directory. 

Platforms used for malware distribution

The launcher is responsible for initiating WrnRAT, which enables it to carry out malicious activities.

After that, the launcher self-destructs, leaving behind the stealthy WrnRAT trojan, which can compromise the system.

WrnRAT, a Python-based malware, is distributed as an executable file that primarily functions as a screen capture tool.

It transmits captured images to a remote server and is also capable of gathering fundamental system information and terminating particular processes. 

Dropper and launcher malware

With the deployment of additional malware to manipulate firewall settings, the threat actor further enhances the attack, which may make it more difficult to detect and respond to the threat.

It is a remote access Trojan (RAT) capable of executing various malicious commands and can request and transmit system information, including IP address, MAC address, client ID, and gateway. 

Configuration data of WrnRAT

It can also control screen capture functionality, including enabling or disabling monitoring and setting capture delay and quality by terminating specific target processes on the infected system.

Recent cyberattacks have targeted people who are interested in gambling games, specifically those who play 2-player go-stop, hold’em, and badugi, according to the ASEC

Malicious actors are distributing malware disguised as these games to steal sensitive information, including gameplay screenshots.

This allows attackers to monitor user activity, potentially leading to financial loss for both legitimate and illegitimate players. 

To mitigate this threat, users should exercise caution when downloading game installers, avoid suspicious sources, and keep antivirus software like V3 updated. This is crucial to ensure robust protection against such attacks.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

Aman Mishra

Recent Posts

Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian…

6 hours ago

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system…

7 hours ago

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache…

7 hours ago

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage…

8 hours ago

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

2 days ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

3 days ago