NiceRAT Malware Infects Devices via Cracked Software

Cybercriminals have been deploying a malware named NiceRAT to infect devices and incorporate them into a botnet, specifically targeting users in South Korea.

The malware is spread under the guise of cracked software, such as pirated versions of Microsoft Windows or tools claiming to offer license verification for Microsoft Office.

According to the report, NiceRAT's spread is driven by the nature of crack programs themselves: ordinary users reshare them, so the malware propagates independently of the original distributor. Threat actors also commonly bundle instructions telling the user to disable anti-malware software before running the crack, so the payload executes on a host whose defenses have been switched off by the victim.

Other distribution methods include the use of a botnet composed of compromised computers controlled by a remote access trojan (RAT) known as NanoCore RAT. This approach is similar to previous campaigns that used the Nitol DDoS malware to propagate another malware called Amadey Bot.

NiceRAT is an open-source RAT and stealer written in Python and still under active development. It uses a Discord webhook as its command-and-control (C2) channel: a webhook can only push messages into a channel the attacker controls, so in practice it serves as the exfiltration path for the data the stealer collects. Because that traffic is ordinary HTTPS to discord.com, it blends with legitimate Discord use and is easy to overlook at the network edge.
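The webhook channel is also the most concrete detection opportunity the article describes: a Discord webhook URL always has the shape `https://discord.com/api/webhooks/<id>/<token>`, and normal Discord client traffic uses other API paths. The script below is an added example (not NiceRAT code or the report's own tooling) that scans proxy log lines for webhook POSTs and rates them by the process that made them. The key=value log format, hostnames, process names and webhook tokens are constructed for the example, and the list of processes expected to talk to Discord is an assumption you would tune for your environment.

```python
"""Flag Discord webhook traffic in proxy logs (added example, not NiceRAT code).

NiceRAT reports to a Discord webhook, so an infected host makes HTTPS POSTs to
discord.com/api/webhooks/<id>/<token>. The Discord client itself uses other API
paths, so the webhook path combined with an unexpected client process is a
usable signal. The log format, hosts and tokens below are constructed.
"""
import re
from dataclasses import dataclass

# Webhook URL shape: snowflake id (17-20 digits) followed by an opaque token.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com"
    r"/api/webhooks/(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{20,})"
)

# Processes that legitimately reach Discord on a workstation (assumption; tune per fleet).
EXPECTED_CLIENTS = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# One request per line as space-separated key=value pairs (constructed format).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Finding:
    host: str
    process: str
    webhook_id: str
    token_hint: str  # masked; the full token is a live credential and stays out of tickets
    severity: str


def mask_token(token: str) -> str:
    """Keep enough of the token to correlate findings, not enough to reuse it."""
    return token[:4] + "..." + token[-2:] if len(token) > 8 else "***"


def parse_line(line: str) -> dict:
    """Turn 'k=v k2="v 2"' into a dict; quoted values keep their spaces."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def extract_webhook(url: str):
    """Return (id, token) when the URL is a Discord webhook endpoint, else None."""
    m = WEBHOOK_RE.search(url)
    return (m.group("id"), m.group("token")) if m else None


def scan_log(lines):
    """Return one Finding per webhook request; POSTs from unexpected processes are high."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        hook = extract_webhook(rec.get("url", ""))
        if not hook:
            continue
        proc = rec.get("process", "?").lower()
        # A POST to a webhook from a non-Discord, non-browser process is the stealer pattern.
        suspicious = rec.get("method") == "POST" and proc not in EXPECTED_CLIENTS
        findings.append(Finding(
            host=rec.get("host", "?"),
            process=proc,
            webhook_id=hook[0],
            token_hint=mask_token(hook[1]),
            severity="high" if suspicious else "medium",
        ))
    return findings


# Constructed sample: one benign Discord client request, one stealer-style POST from
# python.exe, one browser-originated webhook POST, one unrelated python.exe request.
SAMPLE_LOG = [
    "ts=2024-06-17T09:58:11Z host=WS-014 process=Discord.exe method=GET "
    "url=https://discord.com/api/v9/users/@me status=200",
    "ts=2024-06-17T10:01:02Z host=WS-014 process=python.exe method=POST "
    "url=https://discord.com/api/webhooks/123456789012345678/"
    "AbCdEfGhIjKlMnOpQrStUvWxYz0123456789abcdefghijklmnopqrstuvwxyz_- status=204",
    "ts=2024-06-17T10:03:45Z host=WS-022 process=chrome.exe method=POST "
    "url=https://discordapp.com/api/webhooks/987654321098765432/"
    "ZyXwVuTsRqPoNmLkJiHgFeDcBa9876543210zyxwvutsrqponmlkjihgfedcba status=204",
    "ts=2024-06-17T10:05:00Z host=WS-031 process=python.exe method=GET "
    "url=https://pypi.org/simple/requests/ status=200",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.host} {f.process} -> webhook {f.webhook_id} token {f.token_hint}")
```

The check only works where the proxy sees full URLs, that is, with TLS inspection or an explicit proxy; with SNI alone you see only `discord.com`, which is not actionable on its own. The token is masked in the output deliberately: a leaked webhook token lets anyone post into the attacker's channel, but it is also what you would use to request takedown of the webhook, so keep the full value in the evidence store rather than in the alert text.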

The first version of NiceRAT was released on April 17, 2024, and the current version is 1.1.0. There is also a premium version available, indicating that NiceRAT is marketed under the malware-as-a-service (MaaS) model.

This development coincides with the resurgence of a cryptocurrency mining botnet known as Bondnet. Since 2023, Bondnet has been utilizing high-performance miner bots as C2 servers, configuring a reverse proxy using a modified version of a legitimate tool called Fast Reverse Proxy (FRP).

To avoid infection by NiceRAT, do not download or run cracked or pirated software; these packages are a standard malware vector, and any installation guide that tells you to disable antivirus first should be read as a sign that the package is malicious. Keep endpoint protection enabled, with tamper protection turned on where your product offers it, keep the operating system and applications patched, and run regular scans. Firewalls and intrusion detection systems help at the network level; because NiceRAT reports over Discord webhooks, egress monitoring for POST requests to discord.com/api/webhooks/ from processes that are not the Discord client or a browser is a specific detection worth adding.