Hackers use Remote Access Trojans (RATs) to gain unauthorized access and control over a victim’s computer remotely.
These tools allow hackers to carry out activities such as the following without the user’s knowledge:
- Execute commands
- Steal sensitive information
- Unauthorized access
- Unauthorized manipulation
Recently, cybersecurity researchers at Cyfirma discovered Silver RAT, which evades anti-virus software to hack Windows machines.
Silver RAT, which is written in C#, has the following capabilities:
- Bypass anti-viruses
- Covertly launch hidden applications
- Covertly launch browsers
- Covertly launch keyloggers
Silver RAT Evades Anti-viruses
The developers are active on hacker forums and social media, especially Telegram, where they offer services such as:
- Cracked RATs
- Leaked databases
- Carding
- Social media bot sales
Silver RAT v1.0, first seen in November 2023, has destructive features and is Windows-based, but a new version is planned for the following two platforms:-
Besides this, ‘noradlb1’ is a known developer with a respected reputation on forums. The cracked version surfaced in October 2023 on Telegram and GitHub.
Silver RAT’s builder allows threat actors to customize payloads up to 50kb. Once connected, the victim’s logs appear on the attacker’s panel.
The final payload is a Windows executable file delivered through social engineering.
Apart from this, the sale announcement first appeared on the following hacking forums, among several others:-
A successful connection grants the attacker control over the target system. Through the ‘Manager’ option, they can do the following things:-
- Handle applications
- Navigate the file manager
- Modify registry keys
- Check startup items
- Monitor system performance
Threat actors can also leverage the following capabilities:
- Hidden Apps
- Hidden Browsers
- Hidden VNC
Functionalities of Silver RAT
Silver RAT offers the following functionalities:
- Command and control via IP address/port or webpage.
- Windows Defender exclusion for post-launch stealth.
- Configuration to erase all system restore points.
- Delayed execution option for the payload.
- Hidden process and installation in task manager.
- Custom process name to conceal payload in folders.
- Antivirus bypass through FUD Crypters.
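Two of the behaviours listed above, Defender exclusions and restore-point deletion, leave traces that a defender can match in endpoint telemetry. The following is an added example, not taken from the Cyfirma report: the event records are constructed, and the patterns are generic ways these behaviours commonly show up in Windows process-creation (4688) and Microsoft Defender configuration-change (5007) events, not confirmed Silver RAT indicators.

```python
import re

# Constructed sample telemetry (not from the report): simplified records shaped
# like process-creation (4688) and Defender configuration-change (5007) events.
SAMPLE_EVENTS = [
    {"id": 4688, "host": "ws-01",
     "cmd": 'powershell Add-MpPreference -ExclusionPath "C:\\Users\\Public\\app"'},
    {"id": 5007, "host": "ws-01",
     "new_value": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public\app = 0x0"},
    {"id": 4688, "host": "ws-01", "cmd": "vssadmin delete shadows /all /quiet"},
    # Benign look-alikes that must not fire: read-only queries.
    {"id": 4688, "host": "ws-02", "cmd": "vssadmin list shadows"},
    {"id": 4688, "host": "ws-02", "cmd": "powershell Get-MpPreference"},
]

# (rule name, event id, field to inspect, pattern). Assumed generic patterns.
RULES = [
    ("defender_exclusion_cmd", 4688, "cmd",
     re.compile(r"(add|set)-mppreference\b.*-exclusion(path|process|extension)", re.I)),
    ("defender_exclusion_registry", 5007, "new_value",
     re.compile(r"\\Windows Defender\\Exclusions\\", re.I)),
    ("restore_point_deletion", 4688, "cmd",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
]

def match_events(events):
    """Return (host, rule_name) for every event that matches a rule."""
    hits = []
    for ev in events:
        for name, event_id, field, pattern in RULES:
            if ev.get("id") == event_id and pattern.search(ev.get(field, "")):
                hits.append((ev["host"], name))
    return hits

def correlate(events):
    """Rate a host 'high' when it shows both an exclusion change and
    restore-point deletion, 'medium' when it shows only one of them."""
    by_host = {}
    for host, name in match_events(events):
        by_host.setdefault(host, set()).add(name)
    result = {}
    for host, names in by_host.items():
        tampering = any(n.startswith("defender_exclusion") for n in names)
        recovery = "restore_point_deletion" in names
        result[host] = "high" if tampering and recovery else "medium"
    return result

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Legitimate administration also adds exclusions and prunes shadow copies, so a single match needs triage; the combination on one host is the stronger signal.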
Researchers discovered two Telegram channels used by the Silver RAT devs, which show high engagement. CYFIRMA also found that they use a known crypto wallet with diverse addresses (Bitcoin, Ethereum, USDT):
- Bitcoin wallet is empty
- Ethereum shows 8 transactions totaling 2,275.67 USD (Dec 24-25, 2023)
Researchers trace PayPal purchases and obtain threat actors’ Gmail. Further investigation links a hacktivist Facebook account supporting the “Syrian Revolution” to a Silver RAT developer known for FPS game hacks.
Recommendations
The cybersecurity analysts offered the following recommendations:
- Security Awareness Training
- Regular Updates
- Data Encryption
- Incident Response Plan
- User Support
- Regular Backups
- App Review
- Network Security
- Behavioral Analysis
- Endpoint Detection and Response (EDR)
- Firewall Configuration