A backdoor in Executable and Linkable Format (ELF) files used by Chinese hackers has been misidentified as a version of existing malware for years, Trend Micro claimed in a recent analysis.
In Noodle RAT: Reviewing the New Backdoor utilised by Chinese-Speaking Groups, a blog post based on a Botconf 2024 presentation, Trend Micro Research revealed Noodle RAT, a remote access Trojan employed by Chinese-speaking groups involved in espionage or criminal activity.
Noodle RAT, aka ANGRYREBEL or Nood RAT, has been active since at least 2018. However, it was always regarded as a variant of an existing malware strain, such as Gh0st RAT or Rekoobe.
“For instance, NCC Group released a report on a variant of Gh0st RAT used by Iron Tiger in 2018. Talos released a report on an ELF backdoor used by Rocke (aka Iron Cybercrime Group) in 2018. Sophos released a report on a Linux version of the Gh0st RAT variant used in the Cloud Snooper Campaign in 2018. Positive Technology Security released a report on Calypso RAT used b
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: