A sophisticated remote access trojan (RAT) dubbed Xeno RAT has surfaced on GitHub, offering a potent threat to cybersecurity. Developed in C# and compatible with Windows 10 and Windows 11, this open-source malware provides a wide array of features for remote system management, including a SOCKS5 reverse proxy and real-time audio recording capabilities. The RAT also features a hidden virtual network computing (hVNC) module similar to DarkVNC, enabling attackers to remotely access infected computers.
According to its developer, known as moom825, Xeno RAT is crafted entirely from scratch, ensuring a unique approach compared to other remote access tools. Notably, the RAT includes a builder that allows the creation of customized variants of the malware, enhancing its adaptability for various malicious purposes.
This emergence raises concerns as moom825 is also behind another C#-based RAT called DiscordRAT 2.0, previously distributed within a malicious npm package named node-hide-console-windows. This new development underscores the growing trend of accessible and freely available malware contributing to the rise in RAT-based cyber campaigns.
Cybersecurity firm recently reported the distribution of Xeno RAT via the Discord content delivery network (CDN). The malware was disguised as a WhatsApp screenshot in a shortcut file, acting as a downloader for the ZIP archive hosted on Discord CDN. This multi-stage attack utilizes DLL side-loading to execute a malicious DLL, ensuring persistence and evading detection.
Meanwhile, the researcher has identified a Gh0st RAT variant called Nood RAT targeting Linux systems. Nood RAT operates as a backdoor malware, receiving commands from a command and control (C&C) server to conduct malicious activities such as downloading files, stealing internal files, and executing commands. Despite its simple appearance, Nood RAT employs encryption to avoid network detection and execute various malicious activities as directed by threat actors.
To mitigate the risk of Xeno RAT and similar threats, it’s essential to implement strong security measures. Keep your software and operating systems updated to protect against known vulnerabilities. Use firewalls and antivirus software to detect and block malicious activity. Be cautious of downloading software from untrusted sources, especially if it’s open source and not well-reviewed.