Silver RAT Linked to Syrian Threat Actor
A hacking group known as Anonymous Arabic has recently unleashed a new remote access trojan (RAT) named Silver RAT. This malware is designed to circumvent security software and discreetly initiate concealed applications. Cyfirma, a cybersecurity firm, highlighted the active and sophisticated presence of the developers on multiple hacker forums and social media platforms in a recent report.
These threat actors, believed to be of Syrian origin and associated with the creation of another RAT named S500 RAT, manage a Telegram channel offering various services. These services include distributing cracked RATs, sharing leaked databases, engaging in carding activities, and selling Facebook and X (formerly Twitter) bots. Other cybercriminals then use the purchased bots to automatically interact with and comment on user content in order to promote illicit services.
Silver RAT is Still Relatively Fresh
Silver RAT v1.0 was first detected in the wild in November 2023, even though the hackers officially announced their plans to release the trojan a year earlier. The trojan was cracked and leaked on Telegram around October 2023.
This C#-based malware comes with numerous features, such as connecting to a command-and-control (C2) server, logging keystrokes, deleting system restore points, and encrypting data in the manner of ransomware. There are also hints that an Android version is currently in development.
When creating a payload with Silver RAT's builder, threat actors can choose from various options, with the resulting payload up to 50kb in size. Once the payload connects, the victim's data is displayed on the attacker-controlled Silver RAT panel, which shows logs based on the selected functionalities.
An interesting evasion tactic incorporated into Silver RAT is its capability to postpone payload execution for a specified time. It can also discreetly launch apps and take control of the compromised host.
Further examination of the online activities of the malware authors suggests that one of the group members is likely in their mid-20s and based in Damascus.