Date: 2024-06-18

Threat actors have been observed utilizing malware called NiceRAT as a means of co-opting infected devices into a botnet.

The attacks have targeted South Korean users and are designed to deploy the malware under the cover of cracked software. Cracked software can include Microsoft Windows and other tools that license Microsoft Office. An alternative distribution vector employs a botnet to compromise computers, turning them into zombie computers once infiltrated by the remote access trojan (RAT). This RAT, known as NanoCore RAT, mirrors previous activity that leveraged the Nitol DDoS malware, which is used for propagating another malware named Amadey Bot. However, NiceRAT is written in Python and is an actively developed open-source RAT and stealer malware. The malware uses a Discord webhook for command-and-control (C2). This allows the threat actor to lift sensitive information from the target.
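
Because the C2 channel described above is a Discord webhook, egress logs are one place a defender can look for it. The following is an added example, not code from the original article or from NiceRAT: it groups webhook POSTs by source host and webhook id. The log layout, the allowlist of expected senders and every sample value are assumptions.

```python
import re
import shlex
from collections import defaultdict
from urllib.parse import urlsplit

# Discord webhook API: current and legacy domain, /api[/vN]/webhooks/<id>/<token>.
DISCORD_HOSTS = ("discord.com", "discordapp.com")
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/[\w-]+")

def webhook_id(url):
    """Return the webhook id if url is a Discord webhook endpoint, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Exact domain or a subdomain; look-alikes such as discord.com.evil.test fail.
    if not any(host == d or host.endswith("." + d) for d in DISCORD_HOSTS):
        return None
    match = WEBHOOK_PATH.match(parts.path)
    return match.group(1) if match else None

def summarize(lines):
    """Group webhook POSTs by (source, webhook id); tokens are never stored."""
    hits = defaultdict(lambda: {"posts": 0, "bytes_out": 0, "agents": set()})
    for line in lines:
        # Assumed layout: ts src method url status bytes_out "user agent"
        _ts, src, method, url, _status, bytes_out, agent = shlex.split(line)
        wid = webhook_id(url)
        if wid is None or method != "POST":
            continue
        entry = hits[(src, wid)]
        entry["posts"] += 1
        entry["bytes_out"] += int(bytes_out)
        entry["agents"].add(agent)
    return dict(hits)

def unexpected(hits, allowed_sources):
    """Drop sources that are expected to post to webhooks (CI, monitoring)."""
    return {k: v for k, v in hits.items() if k[0] not in allowed_sources}

# Constructed sample records: addresses, ids, tokens and agents are made up.
SAMPLE_LOG = [
    '2024-06-18T09:00:01Z 10.0.5.23 POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-TOKEN-A 204 48211 "python-requests/2.31.0"',
    '2024-06-18T09:00:09Z 10.0.5.23 POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-TOKEN-A 204 1290 "python-requests/2.31.0"',
    '2024-06-18T09:01:00Z 10.0.9.4 POST https://discord.com/api/v10/webhooks/222222222222222222/EXAMPLE-TOKEN-B 204 310 "ci-notifier/1.0"',
    '2024-06-18T09:02:00Z 10.0.5.40 GET https://discord.com/api/webhooks/444444444444444444/EXAMPLE-TOKEN-D 200 0 "Mozilla/5.0"',
    '2024-06-18T09:03:00Z 10.0.5.41 POST https://discord.com.evil.test/api/webhooks/333333333333333333/EXAMPLE-TOKEN-C 200 10 "curl/8.5.0"',
]

if __name__ == "__main__":
    for (src, wid), info in unexpected(summarize(SAMPLE_LOG), {"10.0.9.4"}).items():
        print(src, wid, info["posts"], info["bytes_out"], sorted(info["agents"]))
```

A workstation that repeatedly posts to one webhook id with a scripted client and sizeable upload volume is worth triage; the webhook id can also be given to Discord in an abuse report.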

