New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code

A new campaign targeting financial institutions involves the distribution of a remote access trojan called GodRAT, which uses steganography to conceal malicious code in image files. The malware, based on Gh0st RAT, is an evolution linked to Chinese threat actors like Winnti, and demonstrates how legacy malware code remains effective today. #GodRAT #Gh0stRAT #Winnti #APT41 #FinancialInstitutions

Key points

  • GodRAT is a remote access trojan targeting trading and brokerage firms worldwide.
  • The malware is delivered via disguised .SCR files using steganography in images.
  • It employs a plugin-based approach to extend its capabilities, including data harvesting and secondary payload delivery.
  • The full source code of GodRAT was found on VirusTotal, facilitating easier creation of malicious payloads.
  • Legacy malware like Gh0st RAT continues to evolve and be utilized by advanced threat groups such as Winnti.

Read More: https://thehackernews.com/2025/08/new-godrat-trojan-targets-trading-firms.html