A security researcher at Cybereason recently discovered a new malware campaign in which hacking groups are targeting each other by infecting popular hacking tools.

A recently discovered malware campaign has revealed quite an interesting development, suggesting that hackers themselves are becoming the targets of their peers. According to a recent report by Cybereason security researcher Amit Serper, hackers seem to be infecting popular hacking tools with malware.

The campaign has supposedly already been running for a year, even though it was only discovered recently. It also seems to be targeting a number of existing hacking tools, many of which were designed for exfiltrating data from various databases by misusing product key generators, cracks, and the like.

Such tools are being infected by a powerful remote-access trojan, as Serper reports. As soon as someone opens them, the hackers would gain full access to the targeted hacker’s device. Serper added that hackers seeking victims among their own are actively trying to infect as many others as possible by posting the repackaged tools on various hacking forums.

Advertisement
Continue reading below

Hackers are targeting more than just other hackers

With that said, Serper believes that there is something else at play here, not just hackers targeting other hackers. The malicious tools are not only opening backdoors to hacker-owned computers but also to all the systems that the targeted hackers have already breached.

Serper said that this also includes offensive security researchers who are working on red team engagements.

The hackers behind the attack on other hackers remain unknown at this time. But what Serper did confirm is that they are injecting and repackaging tools with a trojan known as njRat, which provides access to files, passwords, microphones and webcams, and even entire desktops. The trojan itself is at least seven years old, dating back to 2013 when it was used against targets in the Middle East.

Serper also claims that hackers have compromised multiple websites to host hundreds of malware samples and speed up the infection of others.