
This dangerous hacking tool is now on the loose, and the consequences could be huge

A dangerous post-exploitation toolkit, first used for cybersecurity purposes, has now been cracked and leaked to hacking communities.

The toolkit is being shared across many different websites, and the potential repercussions could be huge now that it can fall into the hands of various threat actors.


This could be bad. The post-exploitation toolkit in question, called Brute Ratel C4, was initially created by Chetan Nayak. Nayak is an ex-red teamer, meaning that his job included attempting to breach the security of a given network, which was being actively defended by those on the blue team. Afterward, both teams discuss how it went and whether there are security flaws to fix.

Brute Ratel was created for that exact purpose. It was made for “red teamers” to use, with the ultimate purpose of being able to execute commands remotely on a compromised network. This would then grant the attacker access to the rest of the network in an easier way.

Cobalt Strike is seen as a similar tool to Brute Ratel, and that tool has been heavily abused by ransomware gangs, which is why it’s fairly easy to detect. Brute Ratel has not been quite as widely spread up until now, and it has a licensing verification system that mostly kept the hackers at bay. Nayak is able to revoke the license of any company found to be fake or misusing the tool.

Unfortunately, that’s now a thing of the past, because a cracked version of the tool started to circulate. It was first uploaded to VirusTotal in its uncracked state, but a Russian group called Molecules was able to crack it and entirely remove the licensing requirement from it. This means that now, any potential hacker can get their hands on it if they know where to look.

Will Thomas, a cyber threat intelligence researcher, published a report on the cracked version of the tool. It has already spread to many English and Russian-speaking communities, including CryptBB, RAMP, BreachForums, Exploit[.]in, Xss[.]is, and Telegram and Discord groups.


“There are now multiple posts on multiple of the most populated cybercrime forums where data brokers, malware developers, initial access brokers, and ransomware affiliates all hang out,” said Thomas in the report. In a conversation with Bleeping Computer, Thomas said that the tool works and no longer requires a license key.

Thomas explained the potential dangers of the tech, saying, “One of the most concerning aspects of the BRC4 tool for many security experts is its ability to generate shellcode that is undetected by many EDR and AV products. This extended window of detection evasion can give threat actors enough time to establish initial access, begin lateral movement, and achieve persistence elsewhere.”

Knowing that this powerful tool is out there, in the hands of hackers who should never have gained access to it, is definitely scary. Let’s hope that antivirus software developers can tighten the defenses against Brute Ratel soon enough.
