The cyberespionage tool GovRat has made a comeback, threatening the US military and government. Although attacks linked to the malware go back to 2014, it was only discovered last year by InfoArmor.
GovRat was developed by a hacker called “bestbuy” and was available for purchase for 4.5 bitcoins on The Real Deal market. Researchers believe the cybercriminal responsible for GovRat is part of a larger group “selling stolen and fake digital certificates for mobile and PC-based malware code-signing, used to bypass modern AV solutions for other possible APT campaigns.” Members are believed to be behind the attacks on Ashley Madison and AdultFriendFinder.
The hacker has now released a new and more sophisticated version – GovRat 2.0. “After my rat was used for some high profile hacks, I have decided to re-write the code to ensure it remains FUD,” he wrote on the forum.
The malware is “100% FUD – tested with the strictest firewall policies and AV rules.” Features include network shares and password dumping, Tor support, worm capabilities, keylogging, cleartext network and a password sniffer. The malware can’t be blocked as it uses Windows APIs to communicate, and it can spread via USB and network shares. The most recent version can be purchased on Hell Forum at prices from $1,000 to $6,000, depending on the modules.
Bestbuy is also believed to be working with Peace, aka Peace_of_Mind, the hacker who launched attacks on LinkedIn and Yahoo, and who may have provided him with 33,000 credentials from educational and research organizations, as well as the US government.