A newly discovered malware named ‘WogRAT’ is causing concern as it targets both Windows and Linux operating systems, utilizing an online notepad platform called ‘aNotepad’ to facilitate its malicious activities. Researchers at AhnLab Security Intelligence Center (ASEC) have identified the malware, which they have dubbed ‘WogRAT’ or ‘WingOfGod.’ The malware has been active since late 2022 and has primarily targeted countries in Asia, including Japan, Singapore, China, and Hong Kong.
One of the notable aspects of WogRAT is its use of aNotepad, a legitimate online notepad service, to host base64-encoded .NET binaries of the malware. This tactic allows the malware to evade detection by security tools, as the platform is not typically flagged as suspicious. Upon execution on a victim’s machine, the malware initiates a chain of actions, including downloading additional malicious files from aNotepad and establishing communication with a command and control server.
WogRAT operates as a multifunctional backdoor, capable of executing various commands sent from the command and control server. These commands include running specified commands, downloading files from specified URLs, uploading files to the command and control server, and more. Additionally, WogRAT features a Linux variant in ELF form, which shares similarities with the Windows version but utilizes different techniques, such as Tiny Shell for routing operations and additional encryption for communication with the command and control server.
Despite efforts by researchers to understand its distribution methods, the exact means by which WogRAT is disseminated to victims remain unknown. However, its sophisticated use of legitimate platforms and stealthy operation pose significant challenges for cybersecurity professionals in detecting and mitigating its impact. Further analysis and monitoring of WogRAT’s activities are necessary to develop effective countermeasures against this evolving threat.
