MagicRAT Possibly Linked to Lazarus Group APT
MagicRAT is a newly discovered remote access trojan (RAT). Researchers have found signs and markers that link the new RAT to the North Korean advanced persistent threat actor known as Lazarus Group.
MagicRAT focuses primarily on stealthy infiltration and on maintaining a low profile on the compromised system. While the malware can perform significant malicious tasks, its feature set is relatively limited compared to other malicious remote access tools.
MagicRAT can manipulate files on the infected system, including moving, deleting or renaming them. Its real purpose and focus, however, seem to be dropping additional malware rather than scraping and exfiltrating information.
Researchers have observed the malware acting as a downloader and dropper for additional malicious payloads, including TigerRAT, another piece of malware associated with the Lazarus Group APT.
The Lazarus Group is known for supporting its tools, so future updates to MagicRAT may bring more advanced functionality to the malware.