Hackers rely on a set of tools to aid them in breaking into systems, but those tools are now also being loaded with malware by the very same individuals using them.
As TechCrunch reports, it seems hackers are turning on their own and attempting to infect other hackers by installing a remote access trojan. The “no honor among thieves” attacks were discovered by Cybereason researcher Amit Serper.
The attackers are embedding malware in a number of popular hacking tools. More specifically, the njRat trojan is being used to compromise a victim’s machine and gain full access to it. Once in control, sensitive data is being stolen and DDoS attacks triggered. The other advantage of hacking a hacker is there’s the possibility to gain access to systems they have already compromised.
njRat used to be spread through phishing emails or included on flash drives, but hackers are now hosting it on multiple servers including vulnerable WordPress website installations. Injecting the malware into hacking tools is thought to be an automated process happening on a daily basis.
For now, it’s unknown who started this campaign and for what reason. The most obvious reason is to act as a shortcut to accessing compromised systems by simply stealing the work of other hackers. Serper concludes that it’s “safe to assume that many individuals have been infected by this campaign.”