Hackers are getting a taste of their own medicine, according to a recent malware campaign discovered by security specialist Cyberreason. Well-known hacker tools are hijacked with the njRat trojan. However, the trojan not only gives access to hackers’ systems, but also to systems that they in turn control and/or have hacked.

The now discovered malware campaign focuses on hackers. Well-known popular hacking tools are infected with the trojan and repackaged. These tweaked hacking tools are then distributed with malware via known hacking forums. Who exactly is behind this malware is not known.

Attack on hacking tools

Cybercriminals mainly focus on hacking tools designed to ‘unlock’ trial versions of software. Through holes in the product key generators that should give these trial versions full functionality, the malware can lock data out of databases. The malware also installs a powerful remote access trojan. This gives the hackers remote access to the affected computers.

The versions of these tools, now tweaked with njRat, allow the attackers to access not only the hackers’ systems, but also the systems they hacked. This not only gives them access to files and passwords, but also to webcams and microphones.

Longer known malware

The researchers of Cyberreason indicate that the njRAt trojan has been known for some time. Already in 2013, this trojan was discovered when mainly targets in the Middle East were attacked. njRat is mainly distributed via phishing and infected USB drives. Since 2017, security experts have noticed that the trojan is increasingly being injected into dormant or insecure websites. This is to prevent easy discovery by anti-malware tools.

Fully automated attacks

The security specialist discovered that at the moment the infection of the tools happens on an almost daily basis on a large scale. Based on this, the specialist suspects that this entire process is almost completely automated without human intervention.

Who exactly is behind the current attacks with njRat on hacking tools and why they carry out these attacks is not yet known.