Attacks distributing the novel Xeno RAT trojan and an updated Gh0st RAT variant dubbed "Nood RAT" have been underway, The Hacker News reports.
Threat actors have leveraged the Discord content delivery network to deploy the open-source Xeno RAT trojan as a shortcut file spoofing a WhatsApp screenshot, according to a report from Cyfirma. Touted by its developer moom825, who is also behind the DiscordRAT 2.0 trojan, as functional on Windows 10 and Windows 11 systems, Xeno RAT uses DLL side-loading and works to bypass detection, researchers said.
Meanwhile, AhnLab Security Intelligence Center (ASEC) researchers reported that Linux systems have been subjected to attacks with the Nood RAT backdoor aimed at data exfiltration and command execution. "Although simple in form, [Nood RAT] is equipped with the encryption feature to avoid network packet detection and can receive commands from threat actors to carry out multiple malicious activities," ASEC said.