This dangerous hacking tool is now on the loose, and the consequences could be huge

A dangerous post-exploitation toolkit, first used for cybersecurity purposes, has now been cracked and leaked to hacking communities.

The toolkit is being shared across many different websites, and the potential repercussions could be huge now that it can fall into the hands of various threat actors.

Bleeping Computer

This could be bad. The post-exploitation toolkit in question, called Brute Ratel C4, was initially created by Chetan Nayak. Nayak is an ex-red teamer, meaning that his job included attempting to breach the securities of a given network, which was being actively defended by those on the blue team. Afterward, both teams discuss how it went and whether there are some security flaws to improve upon.

Recommended Videos

Brute Ratel was created for that exact purpose. It was made for “red teamers” to use, with the ultimate purpose of being able to execute commands remotely on a compromised network. This would then grant the attacker access to the rest of the network in an easier way.

Cobalt Strike is seen as a similar tool to Brute Ratel, and that tool has been heavily abused by ransomware gangs, which is why it’s fairly easy to detect. Brute Ratel has not been quite as widely spread up until now, and it has a licensing verification system that mostly kept the hackers at bay. Nayak is able to revoke the license of any company found to be fake or misusing the tool.

Unfortunately, that’s now a thing of the past, because a cracked version of the tool started to circulate. It was first uploaded to VirusTotal in its uncracked state, but a Russian group called Molecules was able to crack it and entirely remove the licensing requirement from it. This means that now, any potential hacker can get their hands on it if they know where to look.

Will Thomas, a cyber threat intelligence researcher, published a report on the cracked version of the tool. It has already spread to many English and Russian-speaking communities, including CryptBB, RAMP, BreachForums, Exploit[.]in, Xss[.]is, and Telegram and Discord groups.

Image used with permission by copyright holder

“There are now multiple posts on multiple of the most populated cybercrime forums where data brokers, malware developers, initial access brokers, and ransomware affiliates all hang out,” said Thomas in the report. In a conversation with Bleeping Computer, Thomas said that the tool works and no longer requires a license key.

Thomas explained the potential dangers of the tech, saying, “One of the most concerning aspects of the BRC4 tool for many security experts is its ability to generate shellcode that is undetected by many EDR and AV products. This extended window of detection evasion can give threat actors enough time to establish initial access, begin lateral movement, and achieve persistence elsewhere.”

Knowing that this powerful tool is out there, in the hands of hackers who should never have gained access to it, is definitely scary. Let’s hope that antivirus software developers can tighten the defenses against Brute Ratel soon enough.

Editors' Recommendations

Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Update your Google Chrome browser now: New exploit could leave you open to hacks

If you’re a Google Chrome user, you should update the browser immediately. Google released a software update to the browser late yesterday evening that patches two zero-day vulnerabilities to the browser that could potentially allow the browser to be hijacked by hackers.
One of the vulnerabilities affects Chrome’s audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library.
Hackers can corrupt or modify the data in Chrome’s memory using the exploit, which will eventually give them access to the computer as a whole.
One of the exploits, CVE-2019-13720 has been discovered in the wild by researchers at Kaspersky.
Google says that the update to the browser will be rolling out to users automatically over the coming days and weeks.
That said, if you’re a Chrome user it would be more prudent for you to go ahead and do that update manually right now instead.
To make it happen you’ll want to launch Chrome on your computer and then click on “Chrome” in the menu bar followed by “About Chrome.” That will launch the Settings menu. From there,  click “About Chrome” at the bottom of the menu on the left. That will likely trigger an automatic update if yours hasn’t already happened. If it doesn’t, you’ll see a button to manually update the browser as well.
Once you update the browser you should be good to go without fear of the security threat becoming an issue. Last month many Mac users ran into issues with Google Chrome when it seemed to send computers into an endless reboot cycle.
An investigation by Mac enterprise and IT blog Mr. Macintosh found that the issue was actually a bug that deletes the symlink at the/var path on the Mac it’s running on, which essentially deletes a key in the MacOS system file.
That issue only impacted Macs where the System Integrity Protection (SIP) had been disabled. The issue particularly impacted older Macs that were made before SIP was introduced with OS X El Capitan in 2015.
All this comes as Google is gearing up to launch some major updates to Chrome, including one update that will change how you manage tabs using the browser. That update is expected to roll out later this year.

Read more
This Lenovo laptop is usually $1,700 — today it’s $847

If you're looking for a new laptop that will have no problem keeping up with your daily workload, you should check out the sixth-generation Lenovo ThinkBook 16, especially now that it's on sale from Lenovo at 51% off. From its original price of $1,729, it's down to a more affordable $847, which is excellent value when you consider the capabilities of this machine. You need to complete the purchase as soon as possible if you want the $882 in savings though, because there's a chance that it's already gone by tomorrow.

Buy Now

Read more
The Dell XPS 15, 16 and 17 all have huge discounts today

There's always high demand for Dell XPS deals because these laptops offer a combination of dependable performance and stylish designs. Three Dell XPS laptops are on sale right now with huge discounts from Dell, including the final versions of two models as they're being retired by the Dell XPS reset -- the Dell XPS 15, which is down to $1,199 from $1,499 for savings of $300, and the Dell XPS 17, which is down to $1,999 from $2,909 for savings of $910. In addition, the Dell XPS 16, one of the new models in the line of laptops, is also already discounted from Dell at $600 off, slashing its price to $2,949 from $3,549.

If you're interested in taking advantage of any of these offers, we recommend that you proceed with the purchase immediately because we're not sure how much time is remaining before they expire. This is particularly true for the Dell XPS 15 and Dell XPS 17, as once their stocks are gone, you may never get another chance at buying these laptop deals.
Dell XPS 15 -- $1,199, was $1,499

Read more