Anonymous Arabic, a cyber threat group, has recently unveiled a powerful remote access trojan (RAT) named Silver RAT, designed to evade security measures and discreetly launch hidden applications. Operating on multiple hacker forums and social media platforms, the developers showcase an active and sophisticated online presence, according to a report by cybersecurity firm Cyfirma.
The group, believed to be of Syrian origin and linked to the development of another RAT called S500 RAT, runs a Telegram channel offering services like distributing cracked RATs, leaked databases, carding activities, and selling social media bots for Facebook and X. These bots are utilized by other cyber criminals to automatically engage with and comment on user content, amplifying the impact of their activities.
In November 2023, in-the-wild detections of Silver RAT v1.0 were observed, following the threat actor’s official announcement a year prior. The C#-based malware comes with a range of features, including connecting to a command-and-control server, logging keystrokes, destroying system restore points, and potentially encrypting data using ransomware. Notably, an Android version of the malware is indicated to be in development. Cyfirma notes that when generating a payload with Silver RAT’s builder, threat actors can select various options, with a payload size of up to 50kb. Once connected, the victim appears on the attacker-controlled Silver RAT panel, which displays logs based on the chosen functionalities.
A distinctive feature of Silver RAT is its ability to delay payload execution by a specific time and covertly launch apps, taking control of the compromised host. Further analysis of the malware author’s online footprint suggests that one of the group members is likely in their mid-20s and based in Damascus. Based on their Telegram posts, the developer appears to support Palestine. The group is active across various online arenas, including social media, development platforms, underground forums, and Clearnet websites, which Cyfirma says indicates its involvement in the distribution of various malware.