TechRadar
Sead Fadilpašić

Gamers are being targeted by more dangerous malware

Gamers are being targeted by a dangerous and potent malware strain that some researchers believe could be a stepping stone towards attacking corporate targets.

Cybersecurity researchers from AT&T recently discovered a remote access trojan (RAT) named “SeroXen” being advertised and sold on the dark web and in Discord channels. 

SeroXen is built on a number of known malware components, including Quasar RAT, the r77 rootkit, and NirCmd. It is hard to detect and offers a number of dangerous capabilities.

Selling malware

"The SeroXen developer has found a formidable combination of free resources to develop a hard to detect in static and dynamic analysis RAT," AT&T says in its report.

"The use of an elaborated open-source RAT like Quasar, with almost a decade since its first appearance, makes an advantageous foundation for the RAT," the company says, further stating that "the combination of NirCMD and r77-rootkit are logical additions to the mix, since they make the tool more elusive and harder to detect."

Quasar provides reverse proxy, remote shell, remote desktop, TLS communication, and file management features, and is available on GitHub. The r77 rootkit offers file-less persistence, child process hooking, malware embedding, in-memory process injection, and antivirus evasion, while NirCmd is meant for simple Windows system tasks, as well as peripheral management tasks.

Some threat actors were observed advertising the tool as a legitimate remote access program for Windows 10 and Windows 11. They're even charging for it: $15 a month, or $60 for a lifetime license. It remains unclear if the website was built by SeroXen's developers, or affiliates.

At the moment, most of the victims are gamers, but the researchers fear that as the tool grows in popularity, it might be picked up by more ambitious actors that could target small or medium-sized businesses (SMBs) and corporate entities, in both the private and public sectors.

Via: BleepingComputer
