Hackers Hacking Hackers – Cybersecurity Specialist Insight

By   ISBuzz Team
Writer , Information Security Buzz | Mar 11, 2020 04:40 am PST

Cybereason‘s Nocturnus Research Team is investigating a campaign where cybercriminals are trojanising multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine. The threat actors behind this campaign are posting malware, embedded inside various hacking tools, and cracks for those tools on several websites. Once the files are downloaded and opened, the attackers are able to completely take over the victim’s machine.

In this new piece of research, Cybereason presents its analysis of the TTPs of the attackers, and the indicators of compromise. In the investigation of this campaign, Cybereason has found hundreds of trojanised files and a lot of information about the threat actors infrastructure.


  • Widespread Campaign: Cybereason has found a widespread hacking campaign that uses the njRat Trojan to hijack the victim’s machine, giving the threat actors complete access that can be used for anything from conducting DDoS attacks to stealing sensitive data.
  • Baiting Hackers: The malware is spreading by turning various hacking tools and other installers into Trojans. The threat actors are posting the maliciously modified files on various forums and websites to bait other hackers.
  • Using Vulnerable WordPress Websites: The threat actors are hacking vulnerable WordPress installations to host their malicious njRat payloads.
  • A “Malware Factory”: It seems as if the threat actors behind this campaign are building new iterations of their hacking tools on a daily basis.
Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
InfoSec Expert
March 11, 2020 12:42 pm

Hackers getting hacked may sound like a comeuppance, but it’s most likely fueling more criminal activity and spreading to a wider audience than just those intended. Once campaigns like this are released into the wild, they inevitably end up being used by other threat actors, which increases the number of targets on a wider scale. Whilst the actors behind these campaigns may not be thinking about how moral such activities are, it highlights that even criminal hackers are susceptible to foul play and are vulnerable to impressive attacks.

Last edited 3 years ago by Jake Moore

Recent Posts

Would love your thoughts, please comment.x