Palo Alto Networks experts discovered that a hacker collective known as the Gaza Cybergang use the QuasarRAT against government institutions.
Gaza Cybergang Collective Uses QuasarRAT Malware In Dangerous Attacks
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
Experts from Palo Alto Networks discovered a dangerous attack campaign that is currently ongoing against various government entities and institutions. The weapon of choice is the QuasarRAT malware which is an advanced open-source software. It is believe that the attack wave originates from the Gaza Cybergang, a well-known hacker collective that is also known under the aliases Gaza Hackers Team and Molerats. The group has been active since at least 2012 and it is believed that the hackers are run by the Palestinian group Hamas. Most of the targets are organizations in the Middle East, but victims have also been institutions located in Europe and the USA.
The security experts from Palo Alto Networks recently spotted a new campaign which has been dubbed as DustySky. It uses two separate pieces – the Downeks payload dropper and the QuasarRat malware which is a powerful remote access tool. The attack uses a modified version of the original malware code. The core program has the following features:
TCP network stream (IPv4 & IPv6 support)
Fast network serialization (NetSerializer)
Compressed (QuickLZ) & Encrypted (AES-128) communication
Multi-Threaded
UPnP Support
No-Ip.com Support
Visit Website (hidden & visible)
Show Messagebox
Task Manager
File Manager
Startup Manager
Remote Desktop
Remote Webcam
Remote Shell
Download & Execute
Upload & Execute
System Information
Computer Commands (Restart, Shutdown, Standby)
Keylogger (Unicode Support)
Reverse Proxy (SOCKS5)
Password Recovery (Common Browsers and FTP Clients)
Registry Editor
Upon infection the modified QuasarRAT malware is able to introduce several damaging actions to the infected hosts:
QuasarRAT is able to retrieve files from the remote computer. This can be used to steal sensitive documents and since the attacks mainly target government institutions, we assume that the hacker collective are looking for secret documents or other types of sensitive data.
The malware allows for full control of the infected system. It is able to kill or start system or application processes, capture passwords, log keystrokes and display message boxes. A remote desktop connection can be opened if the remote attackers want to obtain a direct connection to the hosts.
The QuasarRAT malware makes it possible to open web sites. This option can be used in more complicated scenarios to imitate system action.
The Downeks component which is used as a payload downloader can capture screenshots. In addition it can scan the infected computer for the presence of any installed security solutions which might prevent the execution of the malware.
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
