Skip to main content
  1. Home
  2. Computing
  3. News

This dangerous hacking tool is now on the loose, and the consequences could be huge

By

A dangerous post-exploitation toolkit, first used for cybersecurity purposes, has now been cracked and leaked to hacking communities.

The toolkit is being shared across many different websites, and the potential repercussions could be huge now that it can fall into the hands of various threat actors.

Brute Ratel logo.
Bleeping Computer

This could be bad. The post-exploitation toolkit in question, called Brute Ratel C4, was initially created by Chetan Nayak. Nayak is an ex-red teamer, meaning that his job included attempting to breach the securities of a given network, which was being actively defended by those on the blue team. Afterward, both teams discuss how it went and whether there are some security flaws to improve upon.

Recommended Videos

Brute Ratel was created for that exact purpose. It was made for “red teamers” to use, with the ultimate purpose of being able to execute commands remotely on a compromised network. This would then grant the attacker access to the rest of the network in an easier way.

Related

Cobalt Strike is seen as a similar tool to Brute Ratel, and that tool has been heavily abused by ransomware gangs, which is why it’s fairly easy to detect. Brute Ratel has not been quite as widely spread up until now, and it has a licensing verification system that mostly kept the hackers at bay. Nayak is able to revoke the license of any company found to be fake or misusing the tool.

Unfortunately, that’s now a thing of the past, because a cracked version of the tool started to circulate. It was first uploaded to VirusTotal in its uncracked state, but a Russian group called Molecules was able to crack it and entirely remove the licensing requirement from it. This means that now, any potential hacker can get their hands on it if they know where to look.

Will Thomas, a cyber threat intelligence researcher, published a report on the cracked version of the tool. It has already spread to many English and Russian-speaking communities, including CryptBB, RAMP, BreachForums, Exploit[.]in, Xss[.]is, and Telegram and Discord groups.

Person typing on a computer keyboard.
Image used with permission by copyright holder

“There are now multiple posts on multiple of the most populated cybercrime forums where data brokers, malware developers, initial access brokers, and ransomware affiliates all hang out,” said Thomas in the report. In a conversation with Bleeping Computer, Thomas said that the tool works and no longer requires a license key.

Thomas explained the potential dangers of the tech, saying, “One of the most concerning aspects of the BRC4 tool for many security experts is its ability to generate shellcode that is undetected by many EDR and AV products. This extended window of detection evasion can give threat actors enough time to establish initial access, begin lateral movement, and achieve persistence elsewhere.”

Knowing that this powerful tool is out there, in the hands of hackers who should never have gained access to it, is definitely scary. Let’s hope that antivirus software developers can tighten the defenses against Brute Ratel soon enough.

Editors' Recommendations

Topics
Monica J. White
Monica J. White
Computing Writer
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Update your Google Chrome browser now: New exploit could leave you open to hacks
Google Chrome Stock Photo

If you’re a Google Chrome user, you should update the browser immediately. Google released a software update to the browser late yesterday evening that patches two zero-day vulnerabilities to the browser that could potentially allow the browser to be hijacked by hackers.
One of the vulnerabilities affects Chrome’s audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library.
Hackers can corrupt or modify the data in Chrome’s memory using the exploit, which will eventually give them access to the computer as a whole.
One of the exploits, CVE-2019-13720 has been discovered in the wild by researchers at Kaspersky.
Google says that the update to the browser will be rolling out to users automatically over the coming days and weeks.
That said, if you’re a Chrome user it would be more prudent for you to go ahead and do that update manually right now instead.
To make it happen you’ll want to launch Chrome on your computer and then click on “Chrome” in the menu bar followed by “About Chrome.” That will launch the Settings menu. From there,  click “About Chrome” at the bottom of the menu on the left. That will likely trigger an automatic update if yours hasn’t already happened. If it doesn’t, you’ll see a button to manually update the browser as well.
Once you update the browser you should be good to go without fear of the security threat becoming an issue. Last month many Mac users ran into issues with Google Chrome when it seemed to send computers into an endless reboot cycle.
An investigation by Mac enterprise and IT blog Mr. Macintosh found that the issue was actually a bug that deletes the symlink at the/var path on the Mac it’s running on, which essentially deletes a key in the MacOS system file.
That issue only impacted Macs where the System Integrity Protection (SIP) had been disabled. The issue particularly impacted older Macs that were made before SIP was introduced with OS X El Capitan in 2015.
All this comes as Google is gearing up to launch some major updates to Chrome, including one update that will change how you manage tabs using the browser. That update is expected to roll out later this year.

Read more
Scores of people are downgrading back to Windows 10
The screen of the Galaxy Book4 Ultra.

Microsoft continues to struggle with the adoption of Windows 11 among its users. Recent data from Statcounter reveals a notable decline in the operating system’s market share, specifically compared with Windows 10.

After reaching an all-time high of 28.16% in February 2024, Windows 11 has experienced a drop, falling below the 26% mark.

Read more
The ASUS ROG Ally handheld gaming PC has a nice discount today
Starfield running on the Asus ROG Ally.

If you love the power of gaming PCs and the portability of the Nintendo Switch, you should think about getting a handheld gaming PC like the Asus ROG Ally. If you're interested, it's currently on sale from Walmart with an $87 discount that pulls its price down to $400 from $487. It's a pretty popular device so we expect this offer to attract a lot of attention, which means it's probably not going to last long. If you want to get this handheld gaming PC for this cheap, you should proceed with the transaction immediately.

Why you should buy the Asus ROG Ally handheld gaming PC
It's the version of the Asus ROG Ally with the AMD Ryzen Z1 Extreme that's listed in our roundup of the best handheld gaming PCs, but the Asus ROG Ally Z1 is still a worthwhile purchase because it gives you a gaming PC that you can bring with you wherever you go. Unlike a gaming laptop that's still pretty bulky with its large screen and keyboard, the Asus ROG Ally takes on the form of a portable gaming console like the Nintendo Switch, but with Windows 11 pre-installed as a familiar operating system to navigate and launch the best PC games.

Read more