Dark Caracal hacker group hits the cyberspace with a new malware threat
Here is everything you need to know about CrossRAT and how to protect against it:
The infamous Dark Caracal hacker group has released a new multi-platform malware named CrossRAT. CrossRAT is written in Java and is a multi-platform remote access Trojan that can attack Windows, Solaris, Linux, and macOS, enabling remote attackers to manipulate the file system, take screenshots and run arbitrary executables.
Our cybersecurity team says that Dark Caracal hackers do not use any 0-day exploits to distribute their malware; instead, they use basic social engineering via posts in Facebook groups and WhatsApp messages, encouraging users to visit attacker-controlled fake websites and download malicious applications.
The first thing CrossRAT does when it first runs on the attacked system is determine which version to install, depending on the running OS. At this point, it collects information about the installed OS version, kernel build, and architecture or, in the case of Linux, the distribution, such as Arch Linux, CentOS, Debian, Kali Linux, Fedora or Linux Mint.
After collecting this information, the malware installs persistence mechanisms that automatically execute it when the infected system is rebooted, and registers itself with the C&C server, allowing remote attackers to send commands and steal data. The CrossRAT version used by Dark Caracal has its connection details hardcoded in the crossrat/k.class file: it connects to flexberry.com on port 2223.
Our experts also found that this malware has keylogger capabilities, because its code uses jnativehook, an open source Java listener for keyboard and mouse events.
These are the signs of infection:
Windows:
- Open the HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ registry key.
- If the system is infected, the key will contain a command that includes java, -jar and mediamgrs.jar.
macOS:
- Look for the jar file mediamgrs.jar in ~/Library.
- Also look for a launch agent named mediamgrs.plist in /Library/LaunchAgents or ~/Library/LaunchAgents.
Linux:
- Look for the jar file mediamgrs.jar in /usr/var.
- Also look for an autostart file in ~/.config/autostart, likely named mediamgrs.desktop.
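The checks listed above can be automated. The following Python script is an added example, not code from the original article or from any vendor tool; the function names are hypothetical, and it assumes the jar sits directly in ~/Library or /usr/var as the list states.

```python
import sys
from pathlib import Path

JAR = "mediamgrs.jar"  # file name given in the article
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

def file_indicators(home, root="/"):
    """Return the macOS/Linux paths from the checklist that exist."""
    home, root = Path(home), Path(root)
    candidates = [
        home / "Library" / JAR,                                 # macOS jar
        home / "Library" / "LaunchAgents" / "mediamgrs.plist",  # per-user agent
        root / "Library" / "LaunchAgents" / "mediamgrs.plist",  # system-wide agent
        root / "usr" / "var" / JAR,                             # Linux jar
        home / ".config" / "autostart" / "mediamgrs.desktop",   # Linux autostart
    ]
    return [str(p) for p in candidates if p.exists()]

def suspicious_run_values(values):
    """Keep {name: command} Run entries containing java, -jar and the jar name."""
    tokens = ("java", "-jar", JAR)
    return {name: cmd for name, cmd in values.items()
            if all(t in str(cmd).lower() for t in tokens)}

def read_hkcu_run():
    """Read every value under the HKCU Run key (Windows only)."""
    import winreg  # standard library, present only on Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = data
    return values

def scan():
    """Run the checks that apply to the current platform."""
    if sys.platform == "win32":
        return sorted(suspicious_run_values(read_hkcu_run()).items())
    return file_indicators(Path.home())

if __name__ == "__main__":
    findings = scan()
    for item in findings:
        print("indicator found:", item)
    if not findings:
        print("no CrossRAT indicators from the checklist found")
```

An empty result only means these specific file names and Run entries are absent; a renamed variant would not be matched.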
Our cybersecurity expert says that this type of malware will become more and more common in cyberspace, and because of that everyone should protect their systems and devices by installing at least one security measure.
Regular users are the most affected by malware these days because most of them do not care about which antivirus they have installed on their systems.
Users can download the antivirus developed by our company directly by clicking the download banner at the end of the page.
Our free antivirus download can help users protect their Mac or Windows devices against malware and adware.
We offer a free one-day antivirus license to all users who want to test the full power of our antivirus solution.
Our antivirus can detect a vast spectrum of threats, from dangerous malware to nasty browser extensions used for mining cryptocurrency.
The antivirus our company offers is a certified product of OPSWAT.
Most companies don't care about cybersecurity until they suffer a breach.
A healthy company must perform a penetration test from time to time. The penetration test must be run against all the assets of the company, including the workers, who are the most vulnerable to social engineering attacks.
A penetration test can be done either by a security specialist from inside the company or by hiring an external cyber security company that can take care of everything.
Besides penetration tests, a company must have a minimum healthy cybersecurity setup installed, such as antivirus or a firewall.
CyberByte can perform penetration tests across the whole spectrum, from PCI/DSS compliance to red teaming, perimeter testing, and social engineering.
We also provide employee profiling and cyber threat monitoring services, since most data breaches these days come from inside the company.
To check our penetration test services, go to the Services tab in the main menu.
Windows users can download the free CyberByte antivirus solution by clicking the banner. The free antivirus will help you find out whether your PC is infected. The free CyberByte antivirus for Windows is an award-winning software for malware detection.
Mac / MacOS / OS X users can download the free CyberByte Mac antivirus solution by clicking the banner. The free antivirus will help you find out whether your Mac is infected. The free CyberByte antivirus for MacOS / OS X is an award-winning software for malware detection. The free antivirus for Mac is available for new MacOS and older OS X versions.
Features of CyberByte™ antivirus:
- Protects you from all kinds of threats
- CyberByte™ custom detection engine includes Mac and Windows malware protection and detection
- Fastest scanning times in the market
- Crypto Mining rogue extensions/malware detection
- Ransomware detection - don’t negotiate with ransomware cyber terrorists – keep your Mac and Windows safe
- Active live protection from background
- Certified Threat Detector by OPSWAT
- Easy to Install
- Easy to Manage
- Incredible value for money
Invisible, protecting you from behind the scenes - You will not feel it is installed on your computer; it is easy on resources, as protection software should be.
Original technology that combines behavioral heuristic analysis with a powerful signature database – the CyberByte™ Protection Engine delivers top of the line protection in an instant.
Fastest scanning times in the market – your time is precious, but also so is your digital life – CyberByte™ delivers fast scanning saving both time and your valuable data.
Don’t negotiate with ransomware cyber terrorists – keep your Mac safe and don’t ever end up paying for what is already yours.
Protect others as well – the CyberByte™ Protection Engine not only detects the threat but stops it from spreading to other Macs or Windows machines.
Don’t let strangers use your resources – more than 80% of the attacks are crypto mining driven. Are you sure your computer is not mining for crypto while you read this text?
Our malware protection will continuously look after your device providing the best security against viruses. Give us the chance to prove it by downloading the antivirus for your device.
CyberByte Antivirus is a certified product by OPSWAT (OPSWAT is a San Francisco-based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and that help organizations protect against zero-day attacks by using multiple antivirus engine scanning and document sanitization. To learn more about OPSWAT’s innovative and unique solutions, please visit http://www.opswat.com).
CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The procedure is simple:
Download the free antivirus from the CyberByte website for either Mac or Windows.
Install it using the antivirus installer package.
Windows and Mac users can then run a free malware scan of their devices. The scan duration depends on how many files the end user has.
CyberByte antivirus will show whether any files are infected after the scan is finished.