- Sophos says it stumbled upon Sakura RAT
- In an in-depth investigation it discovered more than one hundred backdoored GitHub projects
- All of them target would-be hackers and game cheaters
It is a dog-eat-dog world: Sophos security researchers have uncovered a major hacking operation that targets other hackers, with people who cheat at computer games also in its sights.
In an in-depth analysis published recently, Sophos said a customer asked whether its platform protected against a piece of malware found on GitHub called Sakura RAT. Apparently they were interested in the open source project after claims of its “sophisticated anti-detection capabilities”.
Sophos quickly realized that Sakura RAT is not only harmless to other people, but is in fact a risk only to those who compile it and seek to distribute it to others.
Down the rabbit hole
“In other words, the Sakura RAT was backdoored,” Sophos explained.
The RAT itself was not that remarkable either. Most of the code was copied from the popular AsyncRAT, and many of the forms inside were left empty, meaning it would not even have worked properly on the target device.
But the RAT led the team “down a rabbit hole of obfuscation, convoluted infection chains, identifiers and multiple backdoor variants.”
Apparently, the person (or persons) behind the RAT, aka ISCHHFD83, actually created more than one hundred variants of backdoored malware, all designed to target rookie threat actors and people looking for game cheats.
In total, Sophos found 141 repositories from the same threat actor; 133 were backdoored in different ways, and 111 contained Sakura RAT.
The majority (58%) were advertised as game cheats, 24% as malware projects, 7% as bots, 5% as crypto tools and 6% as other miscellaneous tools.
The campaign began in 2024, the researchers added. They suggest it was aimed at rookies, because advanced threat actors would run such projects in a sandbox environment. They would also look at the project owner and the comments, and would quickly notice that most of the interaction comes from bots with nearly identical names.
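The "near-identical bot names" tell described above can be turned into a simple triage check before anyone compiles an unfamiliar repository. The following is an added example written for this article; it is not code from Sophos or from the page, and the usernames, the similarity threshold of 0.85 and the 50% "suspicious" cut-off are constructed assumptions, not values the report gives. It groups commenter and committer handles that collapse to the same name once digits and separators are stripped, and reports what share of the repository's interaction comes from such clusters.

```python
import re
from difflib import SequenceMatcher

# Constructed sample (not real data): (author handle, interaction kind) records a reviewer
# might pull from a repository's commit log, issues, stars and comments.
SAMPLE_INTERACTIONS = [
    ("devmaster_01", "comment"), ("devmaster_02", "comment"), ("devmaster_03", "star"),
    ("devmaster_04", "comment"), ("devmaster_05", "comment"),
    ("alice", "issue"), ("bob_smith", "comment"), ("carol", "star"),
]


def normalize(handle):
    """Lower-case a handle and strip digits, underscores, hyphens and dots,
    so 'devmaster_01', 'devmaster-2' and 'DevMaster03' all become 'devmaster'."""
    return re.sub(r"[\d_\-.]+", "", handle.lower())


def cluster_handles(handles, threshold=0.85):
    """Greedily group handles whose normalized forms are near-identical.

    threshold is the SequenceMatcher similarity ratio (1.0 = identical);
    0.85 is an assumed value chosen for this example."""
    clusters = []
    for handle in handles:
        norm = normalize(handle)
        for cluster in clusters:
            if SequenceMatcher(None, norm, normalize(cluster[0])).ratio() >= threshold:
                cluster.append(handle)
                break
        else:
            clusters.append([handle])
    return clusters


def bot_interaction_share(interactions, min_cluster=3):
    """Return (share, clusters): the fraction of interactions attributable to clusters
    of at least min_cluster near-identical handles, plus those clusters."""
    handles = sorted({author for author, _ in interactions})
    clusters = [c for c in cluster_handles(handles) if len(c) >= min_cluster]
    flagged = {h for cluster in clusters for h in cluster}
    hits = sum(1 for author, _ in interactions if author in flagged)
    share = hits / len(interactions) if interactions else 0.0
    return share, clusters


def triage(interactions, share_threshold=0.5):
    """Summarize the check; share_threshold is an assumed cut-off for this example."""
    share, clusters = bot_interaction_share(interactions)
    return {
        "bot_share": round(share, 3),
        "clusters": clusters,
        "suspicious": share >= share_threshold,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_INTERACTIONS)
    print(f"share of interaction from look-alike handles: {result['bot_share']:.0%}")
    for cluster in result["clusters"]:
        print("cluster:", ", ".join(cluster))
    print("suspicious:", result["suspicious"])
```

On the constructed sample, five of eight interactions come from the `devmaster_NN` cluster, so the repository is flagged. The check is a heuristic only: it complements, and does not replace, running the project in a sandbox and reading the code before building it.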
The campaign was not attributed to any particular threat actor, but it was said to have been quite successful.