WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
HOME ACCOUNT PRODUCTS NEWS ARTICLES DIRECTORY CLASSIFIEDS FORUMS TOOLS
* Find Web Hosting Deals on WebsiteGear Classifieds !
  Home News Technology Internet Security Tuesday, March 31, 2026 
Add Press Release News | News Feeds Feeds | Email This News Email


Suspected Pakistani actor modifies its custom remote access trojan with nefarious new capabilities
Thursday, August 19, 2021

ReverseRat 2.0 gains access to webcams and USB-connected devices while evading anti-virus detection

DENVER, Aug. 11, 2021 /PRNewswire/ -- Black Lotus Labs, the threat intelligence arm of Lumen Technologies (NYSE: LUMN), today announced that ReverseRat - the remote access trojan it discovered just six weeks ago - has been modified with new capabilities targeting new victims.


ReverseRat 2.0 gains access to webcams and USB-connected devices while evading anti-virus detection.

Threat Assessment

After discovering and issuing its initial ReverseRAT research, Black Lotus Labs continued to track the threat actor, which had previously targeted government and energy-sector organizations in India and Afghanistan. Some of the new discoveries include:

    --  Victims were lured by a .pdf file that looked like an agenda for a
        United Nations meeting on organized crime. The document itself appears
        to have been fabricated as the UN Journal lists no such meeting on that
        topic during this timeframe.
    --  Most of the organizations that appeared to be targeted by the new
        "ReverseRat 2.0" were in Afghanistan, with a handful in Jordan, India
        and Iran.
    --  The first iteration of ReverseRat relied on Allakore, an open-source
        RAT, to run parallel to the custom framework. ReverseRat 2.0 replaced
        AllaKore altogether with a new agent called NightFury.
    --  ReverseRat 2.0 introduced new, more intrusive capabilities including:
        --  Taking photos via the infected computer's webcam and stealing files
            from any device connected to the compromised machine via a USB port.
        --  Techniques to evade detection by Kaspersky or Quick Heal antivirus
            (AV) products if either were detected on the host machine.

Black Lotus Labs Response and Recommendations

    --  To combat this campaign, Black Lotus Labs null-routed the threat actor
        infrastructure across the Lumen global IP network and notified the
        affected organizations.
    --  Black Lotus Labs continues to follow this threat group to detect and
        disrupt similar compromises, and we encourage other organizations to
        alert on this and similar campaigns in their environments.
    --  Given the nature of the critical sectors the actor is targeting, Black
        Lotus Labs advises security practitioners to learn the actor's current
        tactics, tools and procedures (TTPs) to better defend their
        organizations against potential attacks.
    --  Anyone interested in collaborating on similar research can contact Black
        Lotus Labs on Twitter @BlackLotusLabs.

Additional Resources

    --  For additional IOCs such as file hashes associated with this campaign,
        and for this threat actor's larger activity cluster, please visit the
        Black Lotus Labs blog.
    --  To catch up on Black Lotus Labs's ReverseRat research, visit the first
        blog published in June 2021.

About Lumen Technologies:

Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With approximately 450,000 route fiber miles and serving customers in more than 60 countries, we deliver the fastest, most secure platform for applications and data to help businesses, government and communities deliver amazing experiences.

Learn more about the Lumen network, edge cloud, security, communication and collaboration solutions and our purpose to further human progress through technology at news.lumen.com/home, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies and YouTube: /lumentechnologies. Lumen and Lumen Technologies are registered trademarks in the United States.

View original content to download multimedia:https://www.prnewswire.com/news-releases/suspected-pakistani-actor-modifies-its-custom-remote-access-trojan-with-nefarious-new-capabilities-301352897.html

SOURCE Lumen Black Lotus Labs



Email This News Email | Submit To Slashdot Slashdot | Submit To Digg.com Digg | Submit To del.icio.us Del.icio.us | News Feeds Feeds

RELATED NEWS ARTICLES
Nav Identiv Completes Thailand Manufacturing Transition, Unlocking Next-Generation Multicomponent Manufacturing for Advanced IoT Solutions | Jan 22, 2026
Nav Global Cyber Alliance Identifies Five Cybersecurity Forces That Defined 2025 - And Will Shape 2026 | Jan 22, 2026
Nav New Report Names States Most Vulnerable to Holiday Scams | Jan 22, 2026
Nav Android Mobile Adware Surges in Second Half of 2025 | Jan 22, 2026
Nav pgEdge Announces pgEdge Agentic AI Toolkit for Postgres | Jan 22, 2026
Nav Guardz 2025 SMB Cybersecurity Report: Nearly 50% of U.S. Small Businesses Have Been Hit by Cyber Attack | Jan 22, 2026
Nav Truvista Fiber Acquires SlyTel | Jan 22, 2026
Nav Breakthrough Progress: METiS TechBio Publishes Consecutive Research Findings in Nature Communications and the Journal for ImmunoTherapy of Cancer | Jan 22, 2026
Nav LG ELECTRONICS INTRODUCES 2026 LG GRAM LINEUP ELEVATED BY AEROMINUM | Jan 22, 2026
Nav Healthcare Industry Executives are Likely to be Personal Targets of Cybercrime | Jan 22, 2026
NEWS SEARCH
Survey Software
Survey Software
Click Tracking Software
Click Tracking
Poll Software
Poll Software
Rating Software
Rating Software
FEATURED NEWS | POPULAR NEWS
Submit News | View More News View More News
Copyright © 2003-2026 WebsiteGear Inc. All rights reserved. WEBSITEGEAR® is a registered trademark of WebsiteGear Inc.