A new malware strain targets online gambling companies in China through a watering-hole attack, in which Cobalt Strike beacons are embedded into gambling websites. The compromised sites can later deliver a backdoor called BIOPASS RAT, according to The Hacker News.
BIOPASS RAT was first identified shortly after the malware made its debut on a targeted Chinese online gambling website. So far, we only know that it is still under development and that it mostly targets Chinese web browsers, including 2345 Explorer, QQ Browser, 360 Safe Browser, Sogou Explorer, and WeChat.
The updated malware can deploy either BIOPASS RAT or Cobalt Strike beacons. Both versions are able to record their victims' screens using OBS Studio. BIOPASS gives cybercriminals easy access to a variety of spyware features, such as live-streaming the victim's screen to a cloud service over the Real-Time Messaging Protocol (RTMP) and communicating with a C2 server via Socket.IO.
Cybercriminals disguise the malware as installer packages that look like legitimate software installers.
Trend Micro's research states: “BIOPASS RAT possesses basic features found in other malware, such as file system assessment, remote desktop access, file exfiltration, and shell command execution,” […] “It also has the ability to compromise the private information of its victims by stealing web browser and instant messaging client data.”
The identity of the threat actor is still unknown. However, according to Trend Micro's research, the malware strain shares similarities with TTPs that are often linked to the Winnti Group.