Notorious WrnRAT Delivered Mimic As Gambling Games
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Cybersecurity analysts have uncovered a sophisticated malware operation targeting online gambling platforms. Threat actors are distributing the WrnRAT malware by disguising it as popular Korean gambling games. The multi-stage infection process involves a batch script, followed by a .NET-based dropper that installs and executes WrnRAT. The malware, developed using Python and packaged with PyInstaller, captures screenshots, collects system information, and can terminate specific processes. It also manipulates firewall configurations to evade detection. The primary motivation appears to be financial exploitation, with attackers potentially gaining unfair advantages in gambling activities by observing players' actions in real time.
OPENCTI LABELS:
korea, gambling, pyinstaller, screen capture, wrnrat, multi-stage infection, financial exploitation