    StrRAT and Ratty operators use polyglot files to make Trojans less visible


    The information security company Deep Instinct has discovered a malicious campaign spreading the StrRAT and Ratty trojans. Experts note that despite the wide popularity of these two trojans, their operators have learned to bypass some antivirus systems.

    Polyglot files combine two or more formats in such a way that different applications can run them without errors. Hackers have been taking advantage of this feature for several years, using it to hide malicious code and confuse defenses.

    Since 2018, attackers have often combined the JAR and MSI formats in a single file, according to Deep Instinct researchers. JAR files are archives identified by an entry at the end of the file. MSI files are identified by a “magic header” at the beginning of the file, so both formats can coexist in one file. This gives attackers several benefits:

    • Such files can run as MSIs on Windows and as JARs in the Java runtime;
    • JAR files are not executable files, so antiviruses do not scan them as thoroughly. Attackers can hide malicious code in the JAR part and deceive an antivirus that scans only the pure MSI part of the file.

    In addition, sometimes attackers combine JAR and CAB files, since the latter also have a “magic header”.
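
A defender-side check for the file layout described above, added here as an example (it is not code from Deep Instinct or from the original article): it flags a file whose first bytes carry an MSI (OLE compound file) or CAB magic header while its tail holds a valid ZIP/JAR end-of-central-directory record. The function names and the sample JAR are constructed for illustration, and ZIP64 archives are assumed out of scope.

```python
import io
import struct
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file header (MSI container)
CAB_MAGIC = b"MSCF"                             # Microsoft Cabinet header
EOCD_SIG = b"PK\x05\x06"                        # ZIP/JAR end-of-central-directory record
CDIR_SIG = b"PK\x01\x02"                        # ZIP central directory entry
EOCD_LEN = 22                                   # EOCD size without its trailing comment


def header_format(data):
    """Name the format claimed by the magic header at offset 0, or None."""
    formats = ((OLE_MAGIC, "MSI/OLE"), (CAB_MAGIC, "CAB"))
    return next((name for magic, name in formats if data.startswith(magic)), None)


def find_zip_tail(data):
    """Return the offset of a validated EOCD record near the end, or None."""
    start = max(0, len(data) - EOCD_LEN - 0xFFFF)  # EOCD comment is at most 65535 bytes
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            entries, cd_size, cd_off, comment = struct.unpack_from("<HIIH", data, pos + 10)
            cd_start = pos - cd_size  # the central directory sits right before the EOCD
            if (entries > 0 and cd_start >= cd_off and pos + EOCD_LEN + comment <= len(data)
                    and data.startswith(CDIR_SIG, cd_start)):
                return pos
        pos = data.rfind(EOCD_SIG, start, pos)  # try an earlier candidate in the tail
    return None


def classify(data):
    """Flag files whose header says MSI/CAB while the tail parses as a JAR/ZIP."""
    head, eocd = header_format(data), find_zip_tail(data)
    if head and eocd is not None:
        return f"polyglot: {head} header + ZIP/JAR tail"
    if eocd is not None:
        return "zip/jar"
    return head or "other"


def constructed_jar():
    """Constructed sample: a tiny in-memory JAR holding only a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()
```

Validating the central directory signature, rather than matching the EOCD bytes alone, avoids flagging installers that merely contain the four signature bytes somewhere in their tail.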

    Hackers use Sendgrid and short link services such as Cutt.ly and Rebrand.ly to distribute trojanized polyglot files. The StrRAT and Ratty payloads are stored on Discord and hosted in Bulgaria by BelCloud.

    Author DeepWeb