A new version of the Neptune RAT malware has emerged, security researchers have warned, and is spreading on GitHub, Telegram, and even YouTube.
The remote access trojan is 'an extremely serious threat' being offered on the ransomware-as-a-service model, according to researchers at Cyfirma.
Affecting Windows devices, it hijacks Chromium-based browsers including Chrome, Brave, and Opera using a Chromium.dll attack that decrypts stored login data and installs itself as a scheduled Windows task.
It includes a crypto clipper and a password stealer with the ability to exfiltrate the credentials of more than 270 different applications, along with ransomware capabilities and live desktop monitoring.
Advanced anti-analysis techniques and persistence methods, such as modifying the Windows Registry and adding tasks to the Task Scheduler, mean it can maintain its presence on the victim’s system for extended periods of time.
"The analysis of the latest version of Neptune RAT reveals a sophisticated and highly dangerous piece of malware designed for persistent, covert operations on Windows systems," Cyfirma researchers said.
"Its ability to generate direct PowerShell commands (using irm and iex) enables seamless delivery and execution, effectively bypassing traditional security measures. It also has the capability to destroy Windows OS and features advanced password-grabbing functionalities."
Neptune RAT lowers the bar for cyber criminals
The new version has been made available without the source code, making analysis more challenging. Notably, it's being offered via an unusual model, with the developer claiming that while it's free to use, there's a more advanced version behind a paywall.
Chris Hauk, consumer privacy advocate at Pixel Privacy, said the emergence of the new Neptune RAT variant shows the “try it before you buy it era of malware has arrived”.
“Neptune RAT is available as a download from GitHub, making it available to a wider variety of internet users than usual," he said.
"As antivirus and anti-malware apps have not yet been able to detect and remove Neptune RAT, internet users will need to stay alert and practice safe computing by not clicking on links or opening attachments that are shared by unknown users."
Paul Bischoff, consumer privacy advocate at Comparitech, echoed Hauk’s comments, noting that the accessibility of the variant will have wide-reaching implications for consumers and enterprises alike and lower the barrier of entry for cyber criminals.
"The maker of Neptune RAT is giving their malware out for free, so it's not just one hacker group we need to worry about," he said.
"Anyone could use it to launch attacks through email, text, ads, or download links. Once the malware has infected a system, it is extremely destructive, dangerous, and hard to remove."
Given its anti-detection features, the new Neptune RAT version is hard to avoid, Cyfirma researchers said, adding that this poses a “significant risk to both individuals and organizations”.
"Continuous monitoring, robust endpoint protection, and proactive threat detection strategies are crucial to mitigating the impact of this malware."
MORE FROM ITPRO
-
Big tech CEOs are fueling the fire of AI confusionOpinion Mixed messaging on the effectiveness of AI only raises fears that the technology will steal human jobs
-
Three things you need to know about the EU Data ActNews A host of key provisions in the EU Data Act will come into effect on 12 September, and there’s a lot for businesses to unpack.
-
Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacksNews Proofpoint said Stealerium has flown under the radar for some time now, but researchers have observed a huge spike in activity between May and August this year.
-
Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malwareNews TrendMicro has called for caution on how much detail is disclosed in security advisories
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
-
Malicious URLs overtake email attachments as the biggest malware threatNews With malware threats surging, research from Proofpoint highlights the increasing use of off-the-shelf 'phish kits' like CoGUI and Darcula
-
Warning issued as new Pakistan-based malware group hits millions globallyNews Tempting people in with offers of pirated software, the network installs commodity infostealers, according to CloudSEK
-
OpenAI is clamping down on ChatGPT accounts used to spread malwareNews Tools like ChatGPT are being used by threat actors to automate and amplify campaigns
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Hackers are using Zoom’s remote control feature to infect devices with malwareNews Security experts have issued an alert over a new social engineering campaign using Zoom’s remote control features to take over victim devices.
