Syrian hackers spread stealthy C#-based Silver RAT to cybercriminals

Silver RAT to Cybercriminals

Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that is equipped to bypass security software and secretly launch hidden applications.

“The developers operate on multiple hacker forums and social media platforms and demonstrate an active and sophisticated presence,” says cybersecurity firm Cyfirma. said in a report published last week.

The actors, believed to be of Syrian origin and linked to the development of another RAT known as S500 RAT, also operate a Telegram channel that offers various services such as distribution of cracked RATs, leaked databases, mapping activities and the sale of Facebook and X (formerly Twitter) bots.

The social media bots are then used by other cybercriminals to promote various illegal services by automatically engaging and commenting on user content.

In-the-wild detections of Silver RAT v1.0 were first observed in November 2023, although the threat actor’s plans to release the trojan were first made official a year earlier. It was cracked and leaked on Telegram around October 2023.

The C#-based malware has a wide range of features to connect to a command-and-control (C2) server, log keystrokes, destroy system restore points, and even encrypt data using ransomware. There are also indications that an Android version is in the works.

Silver RAT for cybercriminals

“While generating a payload using the Silver RAT builder, threat actors can select various options with a payload size up to 50 KB,” the company said. “Once connected, the victim appears on the attacker-controlled Silver RAT panel, which displays the victim’s logs based on the chosen functionalities.”

An interesting evasion feature built into Silver RAT is the ability to delay payload execution for a specified time, as well as stealthily launch apps and take control of the compromised host.

Further analysis of the malware author’s online footprint shows that one of the group’s members is likely in his mid-20s and lives in Damascus.

“The developer […] appears to support Palestine based on their Telegram posts, and members associated with this group are active in various arenas including social media, development platforms, underground forums and Clearnet websites, suggesting their involvement in spreading various malware ,” said Cyfirma.


#Syrian #hackers #spread #stealthy #Cbased #Silver #RAT #cybercriminals

Notify of
Inline Feedbacks
View all comments
Previous Post
Lumma Stealer

Look after! YouTube videos promoting cracked software distribute Lumma Stealer

Next Post
AI Security and Privacy

NIST warns of security and privacy risks resulting from rapid implementation of AI systems

Related Posts