Upgraded ChaChi RAT used to escalate attacks on education orgs

Upgraded ChaChi RAT used to escalate attacks on education orgs

3 years ago
Anonymous $LNMzUc6XNz

https://www.bleepingcomputer.com/news/security/pysa-ransomware-backdoors-education-orgs-using-chachi-malware/

"After initial sightings in attacks during the first quarter of 2020, ChaChi’s code was altered to include obfuscation and persistence in late March or early April," the BlackBerry Threat Research and Intelligence Team says in a report shared in advance with BleepingComputer.

"Very soon after that, we started seeing ChaChi variants with the added DNS tunnelling and Port-Forwarding/Proxy functionality."