Syrian Malware Team Uses BlackWorm RAT in Attacks

Syrian Malware Team (SMT) who are connected with the Syria Pro hackers group 'Syrian Electronic Army' once again active on the cyber worlds and they came back with another popular malware 'BlackWorm RAT'. Hackers group have improved the malware performance and implement some new and effective features on Malware bundle.

Security researcher firm, FireEye says that the new variants on the BlackWorm has got a capabilities such as bypassing the UAC (User Account Control) feature in Windows, disabling the firewall protection mechanism, as well as propagation through network shares.

Author of BlackWorm
As the BlackWorm Malware was original coded by Naser Al Mutairi from Kuwait (njq8), a hacker Microsoft filed a lawsuit against back in June. Mutairi (njq8) is also the creator of NJw0rm (also known as Jenxcus) , the malicious software that affected users from Europe and the US and led to Microsoft’s seizing of free domain names from No-IP.com.
From the beginning only many of the malware coders and programmers have tried to improved the malware bundle, which was spread through underground forums, and now it reached to the latest build used by the Syrian Malware Team.

New BlackWorm features-
Researchers says that this build of malware is named as Dark Edition (v2.1), and its builder offers better control of the built-in features, allowing operators to easily turn on or off different functions, according to their needs. It also have the options for enabling propagation through various methods (peer-to-peer, USB, shortcuts, LAN), preventing access to tools on the affected machine that could lead to disabling it, or anti-detection settings

On investigation of BlackWorm, FireEye reports that the hacker group or attacker communicate between the binary and the command and control (C&C) server.

Last month, researchers at Kaspersky Lab noted that cyber-attack activity involving Syria is increasing both in terms of sophistication and organization, with recent malware attacks infecting more than 10,000 users. The victims of the attacks were spread throughout the world, with countries such as Turkey, Saudi Arabia, Lebanon and Palestine being hit hardest.