Skip to main content

This dangerous hacking tool is now on the loose, and the consequences could be huge

A dangerous post-exploitation toolkit, first used for cybersecurity purposes, has now been cracked and leaked to hacking communities.

The toolkit is being shared across many different websites, and the potential repercussions could be huge now that it can fall into the hands of various threat actors.

Brute Ratel logo.
Bleeping Computer

This could be bad. The post-exploitation toolkit in question, called Brute Ratel C4, was initially created by Chetan Nayak. Nayak is an ex-red teamer, meaning that his job included attempting to breach the securities of a given network, which was being actively defended by those on the blue team. Afterward, both teams discuss how it went and whether there are some security flaws to improve upon.

Brute Ratel was created for that exact purpose. It was made for “red teamers” to use, with the ultimate purpose of being able to execute commands remotely on a compromised network. This would then grant the attacker access to the rest of the network in an easier way.

Cobalt Strike is seen as a similar tool to Brute Ratel, and that tool has been heavily abused by ransomware gangs, which is why it’s fairly easy to detect. Brute Ratel has not been quite as widely spread up until now, and it has a licensing verification system that mostly kept the hackers at bay. Nayak is able to revoke the license of any company found to be fake or misusing the tool.

Unfortunately, that’s now a thing of the past, because a cracked version of the tool started to circulate. It was first uploaded to VirusTotal in its uncracked state, but a Russian group called Molecules was able to crack it and entirely remove the licensing requirement from it. This means that now, any potential hacker can get their hands on it if they know where to look.

Will Thomas, a cyber threat intelligence researcher, published a report on the cracked version of the tool. It has already spread to many English and Russian-speaking communities, including CryptBB, RAMP, BreachForums, Exploit[.]in, Xss[.]is, and Telegram and Discord groups.

Person typing on a computer keyboard.
Image used with permission by copyright holder

“There are now multiple posts on multiple of the most populated cybercrime forums where data brokers, malware developers, initial access brokers, and ransomware affiliates all hang out,” said Thomas in the report. In a conversation with Bleeping Computer, Thomas said that the tool works and no longer requires a license key.

Thomas explained the potential dangers of the tech, saying, “One of the most concerning aspects of the BRC4 tool for many security experts is its ability to generate shellcode that is undetected by many EDR and AV products. This extended window of detection evasion can give threat actors enough time to establish initial access, begin lateral movement, and achieve persistence elsewhere.”

Knowing that this powerful tool is out there, in the hands of hackers who should never have gained access to it, is definitely scary. Let’s hope that antivirus software developers can tighten the defenses against Brute Ratel soon enough.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Update your Google Chrome browser now: New exploit could leave you open to hacks
Google Chrome Stock Photo

If you’re a Google Chrome user, you should update the browser immediately. Google released a software update to the browser late yesterday evening that patches two zero-day vulnerabilities to the browser that could potentially allow the browser to be hijacked by hackers.
One of the vulnerabilities affects Chrome’s audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library.
Hackers can corrupt or modify the data in Chrome’s memory using the exploit, which will eventually give them access to the computer as a whole.
One of the exploits, CVE-2019-13720 has been discovered in the wild by researchers at Kaspersky.
Google says that the update to the browser will be rolling out to users automatically over the coming days and weeks.
That said, if you’re a Chrome user it would be more prudent for you to go ahead and do that update manually right now instead.
To make it happen you’ll want to launch Chrome on your computer and then click on “Chrome” in the menu bar followed by “About Chrome.” That will launch the Settings menu. From there,  click “About Chrome” at the bottom of the menu on the left. That will likely trigger an automatic update if yours hasn’t already happened. If it doesn’t, you’ll see a button to manually update the browser as well.
Once you update the browser you should be good to go without fear of the security threat becoming an issue. Last month many Mac users ran into issues with Google Chrome when it seemed to send computers into an endless reboot cycle.
An investigation by Mac enterprise and IT blog Mr. Macintosh found that the issue was actually a bug that deletes the symlink at the/var path on the Mac it’s running on, which essentially deletes a key in the MacOS system file.
That issue only impacted Macs where the System Integrity Protection (SIP) had been disabled. The issue particularly impacted older Macs that were made before SIP was introduced with OS X El Capitan in 2015.
All this comes as Google is gearing up to launch some major updates to Chrome, including one update that will change how you manage tabs using the browser. That update is expected to roll out later this year.

Read more
Best Lenovo laptop deals: Save on Yoga and ThinkPad laptops
Lenovo Yoga 9i Gen 8 front angled view showing display and keyboard deck.

The best laptop deals often include models from some of the best laptop brands, which is company you’ll often find Lenovo keeping. Lenovo makes several laptop models that range in categories from budget to professional, and despite its clout Lenovo is regularly offering significant discounts on its laptops. That’s certainly the case right now, as the current Lenovo laptop deals may make you think twice about anything you’ve found among the best Dell laptop deals, best HP laptop deals, and best MacBook deals. We’ve tracked down all of the best Lenovo laptop deals you can show right now. They include models like the IdeaPad, the Legion, and the Yoga, as well as some impressive Lenovo ThinkPad deals. So read onward to shop the best Lenovo laptop deals going on right now and don’t hesitate to make a purchase if you see something you like.
Lenovo IdeaPad 1 — $200, was $250

The Lenovo IdeaPad 1 is a great alternative to the best budget laptops. It’s hard to beat this price tag when it comes to a Lenovo laptop, and even at this price point, the IdeaPad 1 doesn’t hold back on features. It has 14-inch HD display that’s great for binge watching on, and it’s about as portable as most laptops get, coming in at just over three pounds and not much more than half an inch thick. You’re able to connect an HD monitor to this laptop via HDMI connection, and a built-in webcam with privacy shutter and dual array microphone makes it a great way to keep in touch with family, friends, and colleagues.

Read more
How Apple plans to save the Vision Pro
A person wearing an Apple Vision Pro headset.

It’s no secret that Apple’s Vision Pro headset is the best advanced headset on the market, with powerful specs and an immersive experience that no rival can truly match. It’s also no secret that Apple has struggled to sell its device, given its $3,499 price tag puts it way out of reach of most consumers. Apple reportedly has a plan to turn things around, though -- yet it might not involve a Vision Pro headset at all.

According to the latest Power On newsletter from Bloomberg reporter Mark Gurman, Apple plans to launch a cheaper Vision Pro in late 2025 at the earliest, followed by a second-generation mainstream Vision Pro around late 2026. After that is a set of much-discussed augmented reality (AR) glasses, although Gurman believes these are still many years away.

Read more