Windows systems have been covertly hijacked by the newly emergent NonEuclid remote access trojan, which features antivirus evasion, anti-detection, privilege escalation, and ransomware encryption capabilities, reports The Hacker News.
After performing client app initialization, NonEuclid RAT, which has been proliferating on the dark web since late November, conducts detection bypass checks and establishes a TCP socket while adding Microsoft Defender Antivirus exclusions and leveraging Windows API calls for process enumeration, according to an analysis from Cyfirma. Aside from sidestepping the Windows Antimalware Scan Interface (AMSI) and User Account Control (UAC) defenses, NonEuclid RAT also doubles as ransomware, with the ability to encrypt .TXT, .CSV, and .PHP files, the report revealed.
“[NonEuclid RAT’s] widespread promotion across underground forums, Discord servers, and tutorial platforms demonstrates its appeal to cyber-criminals and highlights the challenges in combating such threats. The integration of features like privilege escalation, AMSI bypass, and process blocking showcases the malware’s adaptability in evading security measures,” said Cyfirma.
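
One way to hunt for the Microsoft Defender Antivirus exclusions mentioned above is to review Defender configuration-change events (event ID 5007). The Python below is an added example, not code from The Hacker News or Cyfirma; the event field names, the sample events and the triage heuristic are constructed assumptions.

```python
import re

# Defender logs configuration changes as event ID 5007 in the
# "Microsoft-Windows-Windows Defender/Operational" channel; an exclusion
# appears as a registry value under ...\Windows Defender\Exclusions\<kind>\.
CONFIG_CHANGED = 5007
BASE = r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions"
EXCLUSION = re.compile(
    re.escape(BASE) + r"\\(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x[0-9a-f]+\s*$",
    re.IGNORECASE,
)
# Assumed triage heuristic (not from the report): a whole drive or a
# user-writable directory is a higher-priority path exclusion.
RISKY_PATH = re.compile(r"^[a-z]:\\?$|\\(users|programdata|temp)(\\|$)", re.IGNORECASE)

def parse(value):
    """Return (kind, target) if the registry value is a Defender exclusion."""
    m = EXCLUSION.search(value or "")
    return (m.group(1).capitalize(), m.group(2)) if m else None

def added_exclusions(events):
    """List exclusions that were added, skipping removals and other changes."""
    findings = []
    for ev in events:
        if ev["id"] != CONFIG_CHANGED:
            continue
        new, old = parse(ev.get("new")), parse(ev.get("old"))
        if new is None or new == old:
            continue
        kind, target = new
        # Extension and process exclusions are not tied to one directory, so always flag them.
        review_first = kind != "Paths" or bool(RISKY_PATH.search(target))
        findings.append({"time": ev["time"], "kind": kind,
                         "target": target, "review_first": review_first})
    return findings

# Constructed sample events (old/new value fields of event 5007), for illustration only.
SAMPLE_EVENTS = [
    {"time": "T1", "id": 5007, "old": "", "new": BASE + r"\Paths\C:\Users\Public\Libraries = 0x0"},
    {"time": "T2", "id": 5007, "old": "", "new": BASE + r"\Extensions\.exe = 0x0"},
    {"time": "T3", "id": 5007, "old": "", "new": BASE + r"\Paths\C:\Program Files\Backup Agent = 0x0"},
    {"time": "T4", "id": 5007, "old": BASE + r"\Paths\D:\Scratch = 0x0", "new": ""},
    {"time": "T5", "id": 1116, "old": "", "new": ""},
]

if __name__ == "__main__":
    for finding in added_exclusions(SAMPLE_EVENTS):
        print(finding)
```

Exclusions that match an approved baseline (such as the backup agent path in the sample) can be filtered out before review, leaving the unexpected additions.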