If you’ve spent any time on two wheels, you’ve certainly experienced the woes of poor bicycle shifting. You hit the button or twist the knob expecting a smooth transition into the next gear, only to be met with angry metallic clanking that you try to push though but ultimately can’t. Bicycle manufacturers collectively spent millions attempting to remedy this issue with the likes of gearboxes, electronic shifting, and even belt-driven bikes. But Praxis believes to have a better solution in their prototype HiT system.

Rather then moving a chain between gears, their novel solution works by folding gears into or away from a chain. These gears are made up of four separate segments that individually pivot around an axle near the cog’s center. These segments are carefully timed to ensure there is no interference with the chain making shifting look like a complex mechanical ballet.

While the shift initialization is handled electronically, the gear folding synchronization is mechanical. The combination of electronic and mechanical systems brings near-instant shifting under load at rotational rates of 100 RPM. Make sure to scroll through the product page and watch the videos showcasing the mechanism!

The HiT gearbox is a strange hybrid between a derailleur and a gearbox. It doesn’t contain a clutch based gear change system or even a CVT as seen in the famous Honda bike of old. It’s fully sealed with more robust chains and no moving chainline as in a derailleur system. The prototype is configurable between four or sixteen speeds, with the four speed consisting of two folding gear pairs connected with a chain and the sixteen speed featuring a separate pair of folding gears. The output is either concentric to the input, or above the input for certain types of mountain bikes.

Despite the high level of polish, this remains a prototype and we eagerly await what Praxis does next with the system. In the meantime, make sure to check out this chainless e-drive bicycle.

hackaday.com/2025/04/17/bicycl…

If you had to guess, what do you think it would take to build an ocean-going buoy that could not only survive on its own without human intervention for more than two years, but return useful data the whole time? You’d probably assume such a feat would require beefy hardware, riding inside an expensive and relatively large watertight vessel of some type — and for good reason, the ocean is an unforgiving environment, and has sent far more robust hardware to the briny depths.

But as Wayne Pavalko found back in 2016, a little planning can go a long way. That’s when he launched the first of what he now calls Maker Buoys: a series of solar-powered drifting buoys that combine a collection of off-the-shelf sensor boards with an Arduino microcontroller and an Iridium Short-Burst Data (SBD) modem in a relatively simple watertight box.

He guessed that first buoy might last a few weeks to a month, but when he finally lost contact with it after 771 days, he realized there was real potential for reducing the cost and complexity of ocean research.

Wayne recalled the origin of his project and updated the audience on where it’s gone from there during his 2024 Supercon talk, Adventures in Ocean Tech: The Maker Buoy Journey. Even if you’re not interested in charting ocean currents with homebrew hardware, his story is an inspirational reminder that sometimes a fresh approach can help solve problems that might at first glance seem insurmountable.

DIY All the Way

As Dan Maloney commented when he wrote-up that first buoy’s journey in 2017, the Bill of Materials for a Maker Buoy is tailored for the hobbyist. Despite being capable of journeys lasting for several thousand kilometers in the open ocean, there’s no marine-grade unobtainium parts onboard. Indeed, nearly all of the electronic components can be sourced from Adafruit, with the most expensive line item being the RockBLOCK 9603 Iridium satellite modem at $299.

Even the watertight container that holds all the electronics is relatively pedestrian. It’s the sort of plastic latching box you might put your phone or camera in on a boat trip to make sure it stays dry and floats if it falls overboard. Wayne points out that the box being clear is a huge advantage, as you can mount the solar panel internally. Later versions of the Maker Buoy even included a camera that could peer downward through the bottom of the box.

Wayne says that first buoy was arguably over-built, with each internal component housed in its own waterproof compartment. Current versions instead hold all of the hardware in place with a 3D printed internal frame. The bi-level framework puts the solar panel, GPS, and satellite modem up at the top so they’ve got a clear view of the sky, and mounts the primary PCB, battery, and desiccant container down on the bottom.

The only external addition necessary is to attach a 16 inch (40 centimeter) long piece of PVC pipe to the bottom of the box, which acts as a passive stabilizer. Holes drilled in the pipe allow it to fill with water once submerged, lowering the buoy’s center of gravity and making it harder to flip over. At the same time, should the buoy find itself inverted due to wave action, the pipe will make it top-heavy and flip it back over.

It’s simple, cheap, and incredibly effective. Wayne mentions that data returned from onboard Inertial Measurement Units (IMUs) have shown that Maker Buoys do occasionally find themselves going end-over-end during storms, but they always right themselves.

youtube.com/embed/5WSOKEplw9g?…

Like Space…But Wetter

The V1 Maker Buoy was designed to be as reliable as possible.
Early on in his presentation, Wayne makes an interesting comparison when talking about the difficulties in developing the Maker Buoy. He likens it to operating a spacecraft in that your hardware is never coming back, nobody will be able to service it, and the only connection you’ll have to the craft during its lifetime is a relatively low-bandwidth link.

But one could argue that the nature of Iridium communications makes the mission of the Maker Buoy even more challenging than your average spacecraft. As the network is really only designed for short messages — at one point Wayne mentions that even sending low-resolution images of only a few KB in size was something of an engineering challenge — remotely updating the software on the buoy isn’t an option. So even though the nearly fifty year old Voyager 1 can still receive the occasional software patch from billions of miles away, once you drop a Maker Buoy into the ocean, there’s no way to fix any bugs in the code.

Because of this, Wayne decided to take the extra step of adding a hardware watchdog timer that can monitor the buoy’s systems and reboot the hardware if necessary. It’s a bit like unplugging your router when the Internet goes out…if your Internet was coming from a satellite low-Earth orbit and your living room happened to be in the middle of the ocean.

From One to Many

After publishing information about his first successful Maker Buoy online, Wayne says it wasn’t long before folks started contacting him about potential applications for the hardware. In 2018, a Dutch non-profit expressed interest in buying 50 buoys from him to study the movement of floating plastic waste in the Pacific. The hardware was more than up to the task, but there was just one problem: up to this point, Wayne had only built a grand total of four buoys.

Opportunities like this, plus the desire to offer the Maker Buoy in kit and ready to deploy variants for commercial and educational purposes, meant Wayne had to streamline his production. When it’s just a personal project, it doesn’t really matter how long it takes to assemble or if everything goes together correctly the first time. But that approach just won’t work if you need to deliver functional units in quantities that you can’t count on your fingers.

As Wayne puts it, making something and making something that’s easily producible are really two very different things. The production becomes a project in its own right. He explains that investing the time and effort to make repetitive tasks more efficient and reliable, such as developing jigs to hold pieces together while you’re working on them, more than pays off for itself in the end. Even though he’s still building them himself in his basement, he uses an assembly line approach that allows for the consistent results expected by paying customers.

A Tale Well Told

While the technical details of how Wayne designed and built the different versions of the Maker Buoy are certainly interesting, it’s hearing the story of the project from inception to the present day that really makes watching this talk worthwhile. What started as a simple “What If” experiment has spiraled into a side-business that has helped deploy buoys all over the planet.

Admittedly, not every project has that same potential for growth. But hearing Wayne tell the Maker Buoy story is the sort of thing that makes you want to go dust off that project that’s been kicking around in the back of your head and finally give it a shot. You might be surprised by the kind of adventure taking a chance on a wild idea can lead to.

youtube.com/embed/cCYdSGGZcv0?…

hackaday.com/2025/04/17/superc…

Il Global Threat Report 2025 di CrowdStrike ha tracciato l’evoluzione e anticipato le sfide per la sicurezza informatica, ponendo attenzione sulla necessità di un ripensamento radicale delle strategie difensive tradizionali. Su questo e molto altro si confronterà un panel di esperti e aziende al CrowdTour, il 5 giugno a Milano.

Il Global Threat Report 2025 di CrowdStrike ha recentemente fotografato un panorama globale delle minacce informatiche in evoluzione. Nel 2024, la rapidità con cui gli attaccanti sono riusciti a sfruttare le vulnerabilità per insidiarsi nei sistemi è cresciuta, con un breakout timeminimo registrato di appena 51 secondi.

I cybercriminali, sempre più rapidi, sofisticati e organizzati, sfruttano le vulnerabilità degli ambienti cloud, le debolezze umane e tecnologie emergenti, prima tra tutte l’intelligenza artificiale generativa, per colpire le aziende ovunque e in ogni settore mettendo in luce l’esigenza non più trascurabile di mettere in pratica strategie di difesa più articolate.

L’intelligenza artificiale generativa: l’arma nelle mani degli attaccanti

Protagonista dell’indagine di CrowdStrike l’adozione su larga scala nel 2024 della GenAI da parte degli attaccanti informatici. L’AI ha notevolmente migliorato la qualità degli attacchi, in termini di automazione e scalabilità, generazione automatica di contenuti e di social engineering sempre più precisi. Gli strumenti di intelligenza artificiale generativa sono stati usati infatti per scrivere e-mail di phishing più credibili, creare profili falsi, realizzare contenuti manipolatori e automatizzare la creazione di malware.

Sono stati osservati in particolare gruppi nordcoreani, primo tra tutti FAMOUS CHOLLIMA, responsabile di aver utilizzato tecniche di social engineering per supportare la creazione di profili LinkedIn falsi, testi e risposte più credibili da utilizzare durante i colloqui di lavoro, utilizzando strumento di Gen AI. Con queste tecniche è stato possibile per questi criminali ingannare i recruiter, farsi assumere all’interno di grandi aziende come sviluppatori di software e tecnici IT e poi spedire i laptop aziendali in dotazione presso “Laptop farms” situate in paesi specifici per ottenere un IP pubblico di provenienza “trusted” (es. USA) e, una volta ottenuto l’accesso alle reti aziendali, installare strumenti di gestione remota (RMM) e estensioni del browser malevole per esfiltrare dati o eseguire altre attività malevole.

Le nuove frontiere dello spionaggio: la Cina e il cloud nel mirino

Il report ha posto anche l’attenzione su un aumento significativo dell’attività malevola associata alla Cina, cresciuta del 150% su scala globale e fino al 300% in settori come finanza, media, manifattura, industria e ingegneria.

Anche il cloud è diventato un bersaglio privilegiato, poiché responsabile della creazione di superfici di attacco sempre più estese, ma anche di configurazioni spesso errate e vulnerabilità non patchate.

Gli attaccanti hanno sfruttato identità compromesse e l’exploitation of trust relationship, ovvero abusi dei rapporti di fiducia, per muoversi lateralmente e mantenere l’accesso alle risorse cloud. Sono aumentate le intrusioni SaaS, in particolare su piattaforme come Microsoft 365, spesso finalizzate a esfiltrare dati ai fini di estorsione o di accesso a terze parti.

Quali strategie difensive adottare in azienda

CrowdStrike non si limita ad analizzare l’evoluzione delle minacce nel corso del 2024, ma propone una serie di riflessioni, raccomandazioni e best practices per le organizzazioni:

• Proteggere l’intero ecosistema delle identità adottando MFA resistenti al phishing, implementando politiche di accesso forti e utilizzando strumenti di rilevamento delle minacce alle identità integrati con piattaforme XDR
• Eliminare i gap di visibilità cross-domain: modernizzando le strategie di rilevamento e risposta con soluzioni XDR e SIEM di nuova generazione, svolgendo threat hunting proattivo e utilizzando intelligence sulle minacce
• Difendere il cloud come infrastruttura core: utilizzare CNAPP con capacità CDR, eseguire audit regolari per scoprire configurazioni errate e vulnerabilità non patchate
• Dare priorità al patching dei sistemi critici e utilizzare strumenti come Falcon Exposure Management per concentrarsi sulle vulnerabilità ad alto rischio
• Adottare un approccio basato sull’intelligence, integrare l’intelligence nelle operazioni di sicurezza, avviare programmi di consapevolezza degli utenti e svolgere esercitazioni di tabletop e red/blue teaming.

Appuntamento con il CrowdTour 2025 il prossimo 5 giugno a Milano

L’evento annuale di CrowdStrike farà tappa il prossimo 5 giugno presso PARCO Center Milano per un pomeriggio di full immersion nella cybersecurity.

L’azienda offrirà a professionisti, decision maker e aziende l’opportunità di confrontarsi direttamente con esperti internazionali, esplorare casi di successo e approfondire le più recenti innovazioni in ambito protezione degli endpoint, delle identità e delle infrastrutture cloud. L’evento rappresenterà anche un momento di networking per chi affronta quotidianamente le sfide della sicurezza, e di condivisione di esperienze reali, utile per lo sviluppo di strategie efficaci contro minacce tradizionali ed emergenti. Trovate tutte le informazioni sull’agenda e la possibilità di registrarsi a questo link.

L'articolo La sicurezza informatica nel 2025: un panorama di minacce in costante evoluzione e come difendersi proviene da il blog della sicurezza informatica.

Ed ecco a voi Sinistra per Israele (come già noto prezzolata da Netanyahu)

Cronaca. Ieri in un dibattito in Senato si è riunita la cosiddetta “Sinistra per Israele” con Ivan Scalfarotto (Iv), Lucio Malan e Piero Fassino, Sensi e Delrio, Alfredo Bazoli e Walter Verini, Lia Quartapelle e Marianna Madia, Enza Rando e Antonio Nicita, Simona Malpezzi e Sandra Zampa; Marco Carrai, da sempre vicino a Matteo Renzi, e console onorario di Israele e Raffaella Paita, Luciano Nobili, Silvia Fregolent di IV.
L’iniziativa voleva contrastare la mozione contro Israele di Conte del giorno prima che ha visto anche la partecipazione della Shlein.
Fassino, oltre a ricordare ai presenti con orgoglio che viene definito “il sionista di sinistra”, ha ricordato anche “che va bene dire due popoli due Stati, ma che la soluzione ad ora non è praticabile”, dicendo inoltre che molte delle strutture operative di Hamas sono costruite vicino a luoghi come gli ospedali, e dunque risultano “fatali” le vittime civili. Fatali, ha usato questo termine per giustificare le conseguenze genocidiarie delle bombe israeliane. Per la cronaca - leggo da un articolo di oggi sul FQ- “una donna dal pubblico è pure intervenuta per rivendicare il fatto che l’esercito israeliano “avverte sempre dei suoi obiettivi”. Fassino l’ha rassicurata sulle sue posizioni, la sala ha applaudito”.
Cosa dire? Niente di più, se non che nella sala non aleggiava profumo di Chanel, ma di carne umana bruciata.

(Cosimo Minervini)

We’re suckers here for projects that let you see the unseeable, and [Ayden Wardell Aerospace] provides that on a budget with their $30 Schlieren Imaging Setup. The unseeable in question is differences in air density– or, more precisely, differences in the refractive index of the fluid the imaging set up makes use of, in this case air. Think of how you can see waves of “heat” on a warm day– that’s lower-density hot air refracting light as it rises. Schlieren photography weaponizes this, allowing to analyze fluid flows– for example, the mach cones in a DIY rocket nozzle, which is what got [Ayden Wardell Aerospace] interested in the technique.

Examining exhaust makes this a useful tool for [Aerospace].This is a ‘classic’ mirror-and-lamp Schlieren set up. You put the system you wish to film near the focal plane of a spherical mirror, and camera and light source out at twice the focal distance. Rays deflected by changes in refractive index miss the camera– usually one places a razor blade precisely to block them, but [Ayden] found that when using a smart phone that was unnecessary, which shocked this author.

While it is possible that [Ayden Wardell Aerospace] has technically constructed a shadowgraph, they claim that carefully positioning the smartphone allows the sharp edge of the case to replace the razor blade. A shadowgraph, which shows the second derivative of density, is a perfectly valid technique for flow visualization, and is superior to Schlieren photography in some circumstances– when looking at shock waves, for example.

Regardless, the great thing about this project is that [Ayden Wardell Aerospace] provides us with STLs for the mirror and smartphone mounting, as well as providing a BOM and a clear instructional video. Rather than arguing in the comments if this is “truly” Schlieren imaging, grab a mirror, extrude some filament, and test it for yourself!

There are many ways to do Schlieren images. We’ve highighted background-oriented techniques, and seen how to do it with a moiré pattern, or even a selfie stick. Still, this is the first time 3D printing has gotten involved and the build video below is quick and worth watching for those sweet, sweet Schlieren images.

youtube.com/embed/piGYryly5Bw?…

hackaday.com/2025/04/17/budget…

Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several years.

We observed the latter situation with an implant that we dubbed MysterySnail RAT. We discovered it back in 2021, when we were investigating the CVE-2021-40449 zero-day vulnerability. At that time, we identified this backdoor as related to the IronHusky APT, a Chinese-speaking threat actor operating since at least 2017. Since we published a blogpost on this implant, there have been no public reports about it, and its whereabouts have remained unknown.

However, recently we managed to spot attempted deployments of a new version of this implant, occurring in government organizations located in Mongolia and Russia. To us, this observed choice of victims wasn’t surprising, as back in 2018, we wrote that IronHusky, the actor related to this RAT, has a specific interest in targeting these two countries. It turned out that the implant has been actively used in cyberattacks all these years although not reported.

Infection through a malicious MMC script

One of the recent infections we spotted was delivered through a malicious MMC script, designed to be disguised as a document from the National Land Agency of Mongolia (ALAMGAC):

Malicious MMC script as displayed in Windows Explorer. It has the icon of a Microsoft Word document

When we analyzed the script, we identified that it is designed to:

• Retrieve a ZIP archive with a second-stage malicious payload and a lure DOCX file from the file[.]io public file storage.
• Unzip the downloaded archive and place the legitimate DOCX file into the %AppData%\Cisco\Plugins\X86\bin\etc\Update folder
• Start the CiscoCollabHost.exe file dropped from the ZIP archive.
• Configure persistence for the dropped CiscoCollabHost.exefile by adding an entry to the Run registry key.
• Open the downloaded lure document for the victim.

Intermediary backdoor

Having investigated the
CiscoCollabHost.exe file, we identified it as a legitimate executable. However, the archive deployed by the attackers also turned out to include a malicious library named CiscoSparkLauncher.dll, designed to be loaded by the legitimate process through the DLL Sideloading technique.
We found out that this DLL represents a previously unknown intermediary backdoor, designed to perform C2 communications by abusing the open-source piping-server project. An interesting fact about this backdoor is that information about Windows API functions used by it is located not in the malicious DLL file, but rather in an external file having the
log\MYFC.log relative path. This file is encrypted with a single-byte XOR and is loaded at runtime. It is likely that the attackers introduced this file to the backdoor as an anti-analysis measure – since it is not possible to determine the API functions called without having access to this file, the process of reverse engineering the backdoor essentially turns into guesswork.
By communicating with the legitimate
ppng.io server powered by the piping-server project, the backdoor is able to request commands from attackers and send back their execution results. It supports the following set of basic malicious commands:

As we found out, attackers used commands implemented in this backdoor to deploy the following files to the victim machine:

• sophosfilesubmitter.exe, a legitimate executable
• fltlib.dll, a malicious library to be sideloaded

In our telemetry, these files turned out to leave footprints of the MysterySnail RAT malware, an implant we described back in 2021.

New version of MysterySnail RAT

In observed infection cases, MysterySnail RAT was configured to persist on compromised machines as a service. Its malicious DLL, which is deployed by the intermediary backdoor, is designed to load a payload encrypted with RC4 and XOR, and stored inside a file named
attach.dat. When decrypted, it is reflectively loaded using DLL hollowing with the help of code implemented inside the run_pe library.
Just as the version of MysterySnail RAT we described in 2021, the latest version of this implant uses attacker-created HTTP servers for communication. We have observed communications being performed with the following servers:

• watch-smcsvc[.]com
• leotolstoys[.]com
• leotolstoys[.]com

Having analyzed the set of commands implemented in the latest version of this backdoor, we identified that it is quite similar to the one implemented in the 2021 version of MysterySnail RAT – the newly discovered implant is able to accept about 40 commands, making it possible to:

• Perform file system management (read, write and delete files; list drives and directories).
• Execute commands via the cmd.exe shell.
• Spawn and kill processes.
• Manage services.
• Connect to network resources.

Compared to the samples of MysterySnail RAT we described in our 2021 article, these commands were implemented differently. While the version of MysterySnail from 2021 implements these commands inside a single malicious component, the newly discovered version of the implant relies on five additional DLL modules, downloaded at runtime, for command execution. These modules are as follows:

However, this transition to a modular architecture isn’t something new – as we have seen modular versions of the MysterySnail RAT deployed as early as 2021. These versions featured the same modules as described above, including the typo in the
ExplorerMoudleDll.dll module name. Back then, we promptly made information about these versions available to subscribers of our APT Intelligence Reporting service.

MysteryMonoSnail – a repurposed version of MysterySnail RAT

Notably, a short time after we blocked the recent intrusions related to MysterySnail RAT, we observed the attackers to continue conducting their attacks, by deploying a repurposed and more lightweight version of MysterySnail RAT. This version consists of a single component, and that’s why we dubbed it MysteryMonoSnail. We noted that it performed communications with the same C2 server addresses as found in the full-fledged version of MysterySnail RAT, albeit via a different protocol – WebSocket instead of HTTP.

This version doesn’t have as many capabilities as the version of MysterySnail RAT that we described above – it was programmed to have only 13 basic commands, used to list directory contents, write data to files, and launch processes and remote shells.

Obsolete malware families may reappear at any time

Four years, the gap between the publications on MysterySnail RAT, has been quite lengthy. What is notable is that throughout that time, the internals of this backdoor hardly changed. For instance, the typo in the
ExplorerMoudleDll.dll that we previously noted was present in the modular version of MysterySnail RAT from 2021. Furthermore, commands implemented in the 2025 version of this RAT were implemented similarly to the 2021 version of the implant. That is why, while conducting threat hunting activities, it’s crucial to consider that old malware families, which have not been reported on for years, may continue their activities under the radar. Due to that, signatures designed to detect historical malware families should never be discontinued simply because they are too old.
At Kaspersky’s GReAT team, we have been focusing on detecting complex threats since 2008 – and we provide sets of IoCs for both old and new malware to customers of our Threat Intelligence portal. If you wish to get access to these IoCs and other information about historical and emerging threats, please contact us at intelreports@kaspersky.com.

securelist.com/mysterysnail-ne…

This project by [Miro] is awesome, not only did he build a replica Enigma machine using modern technologies, but after completing it, he went back and revised several components to make it more usable. We’ve featured Enigma machines here before; they are complex combinations of mechanical and electrical components that form one of the most recognizable encryption methods in history.

His first Enigma machine was designed closely after the original. He used custom PCBs for the plugboard and lightboard, which significantly cleaned up the internal wiring. For the lightboard, he cleverly used a laser printer on semi-transparent paper to create crisp letters, illuminated from behind. For the keyboard, he again designed a custom PCB to connect all the switches. However, he encountered an unexpected setback due to error stack-up. We love that he took the time to document this issue and explain that the project didn’t come together perfectly on the first try and how some adjustments were needed along the way.

The real heart of this build is the thought and effort put into the design of the encryption rotors. These are the components that rotate with each keystroke, changing the signal path as the system is used. In a clever hack, he used a combination of PCBs, pogo pins, and 3D printed parts to replicate the function of the original wheels.

Enigma machine connoisseurs will notice that the wheels rotate differently than in the original design, which leads us to the second half of this project. After using the machine for a while, it became clear that the pogo pins were wearing down the PCB surfaces on the wheels. To solve this, he undertook an extensive redesign that resulted in a much more robust and reliable machine.

In the redesign, instead of using pogo pins to make contact with pads, he explored several alternative methods to detect the wheel position—including IR light with phototransistors, rotary encoders, magnetic encoders, Hall-effect sensors, and more. The final solution reduced the wiring and addressed long-term reliability concerns by eliminating the mechanical wear present in the original design.

Not only did he document the build on his site, but he also created a video that not only shows what he built but also gives a great explanation of the logic and function of the machine. Be sure to also check out some of the other cool enigma machines we’ve featured over the years.

youtube.com/embed/T_UuYkO4OBQ?…

hackaday.com/2025/04/17/modern…

Sul Forum DarketArmy l’attore Mr.Robot ha messo in vendita un RAT ad Agosto 2023. DarknetArmy è un forum attivo nel dark web, emerso per la prima volta nel 2018. È noto per la condivisione di strumenti di hacking, informazioni sulla sicurezza e altre risorse legate alla cybersecurity.

Il RAT, codificato con il nome “888”, ha suscitato un rinnovato interesse nelle ultime due settimane, nonostante il post originale risalga a due anni fa.

Questo aumento di attenzione potrebbe essere dovuto a recenti aggiornamenti o miglioramenti del malware, rendendolo più efficace o difficile da rilevare

Il gruppo Blade Hawk ha utilizzato una versione craccata di questo RAT per condurre attacchi di spionaggio verso gruppi etnici curdi tramite forum, social media o app legittime

Diverse versioni crakkate sono disponibili in repository GitHub e sono tuttora utilizzate da pentester. Le potenzialità di questo malware sono molteplici, ecco le principali:

• Accesso Remoto al Desktop: Permette agli attaccanti di controllare il desktop del sistema infetto da remoto.
• Cattura Webcam e Audio: Consente di registrare video e audio tramite la webcam e il microfono del dispositivo.
• Recupero Password: Estrae password da vari browser e client di posta elettronica.
• Keylogging: Registra i tasti premuti sulla tastiera, permettendo di intercettare informazioni sensibili come credenziali di accesso.
• Gestione dei File: Permette di visualizzare, modificare, eliminare e trasferire file sul sistema infetto.
• Spoofing delle Estensioni dei File: Modifica le estensioni dei file per nascondere la vera natura dei file infetti.
• Persistenza: Implementa meccanismi per rimanere attivo anche dopo il riavvio del sistema o la cancellazione dei file.
• Disabilitazione delle Utility di Sistema: Disabilita strumenti di gestione del sistema per evitare la rilevazione e la rimozione.
• Bypass della Rilevazione Antivirus: Utilizza tecniche di offuscamento per evitare di essere rilevato dai software antivirus.
• Elevazione dei Privilegi: Esegue exploit UAC per ottenere privilegi elevati sul sistema infetto.

Nelle ultime due settimane, il post ha ricevuto un notevole aumento di commenti da parte di utenti interessati al download, suggerendo un possibile aggiornamento del malware o un rinnovato interesse per le sue capacità.

Per proteggersi da minacce come il RAT 888, è raccomandato seguire alcune pratiche di sicurezza:

• Aggiornare e Patchare i Sistemi: Assicurarsi che tutti i sistemi siano aggiornati con le ultime patch di sicurezza, in particolare quelle che affrontano vulnerabilità come MS17-10 (EternalBlue), per prevenire lo sfruttamento da parte dei RAT.
• Migliorare la Protezione degli Endpoint: Implementare soluzioni avanzate di protezione degli endpoint in grado di rilevare e bloccare le attività dei RAT, come l’accesso remoto non autorizzato e l’offuscamento dei processi.

Queste misure possono aiutare a mitigare i rischi associati a malware sofisticati come il RAT 888, contribuendo a mantenere un ambiente digitale più sicuro.

L'articolo DarknetArmy e il RAT 888: Un Malware che Torna a Far Paura proviene da il blog della sicurezza informatica.