- Criminals found using Skype to deliver images hiding malware
- The victims were mainly SMEs in the Middle East
- Malware is new, but seems to have distant parents
Cybercriminals were found using Skype Messenger to deliver remote access trojan (RAT) malware, compromising victims' computers and opening the door to devastating follow-on attacks.
Kaspersky's cybersecurity researchers recently discovered a previously unseen malware variant called GodRAT, distributed via malicious screensaver files disguised as financial documents.
Interestingly, the attackers delivered the malware to their victims via Skype Messenger until March 2025, when they pivoted to other channels.
GodRAT malware spreads
First, the attackers would share fake financial data in an image file. Using steganography, they would hide shellcode in files which, when activated, download the GodRAT malware from a third-party server.
The RAT harvests details of the operating system, the local hostname, the malware process name and process ID, the user account associated with the malware process, installed antivirus software, and the presence of a capture driver.
After that, GodRAT can receive additional plugins, depending on the initial information shared with the attackers. These plugins can be file explorers or password stealers.
In some cases, the crooks used GodRAT to deploy AsyncRAT, a secondary implant that gave them prolonged, if not permanent, access.
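A defender can triage received files for the two lures described above: screensaver executables named like financial documents, and image files carrying extra data. The sketch below is an added example, not Kaspersky's tooling; it assumes PNG images with data appended after the final chunk (the article does not state the image format or embedding method, and pixel-level embedding is not covered), and the extension lists and file names are constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx"}  # lure extensions (assumed list)
EXEC_EXTS = {"scr", "exe", "pif", "com"}          # run as programs on Windows

def png_trailing_bytes(data: bytes) -> int:
    """Bytes found after the IEND chunk; -1 if data is not a well-formed PNG."""
    if not data.startswith(PNG_SIG):
        return -1
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length          # length + type + payload + CRC
        if pos > len(data):
            return -1               # truncated chunk
        if ctype == b"IEND":
            return len(data) - pos
    return -1

def triage(name: str, data: bytes) -> list[str]:
    """Return findings for one received file (displayed name, raw bytes)."""
    findings = []
    parts = name.lower().split(".")
    if len(parts) > 1 and parts[-1] in EXEC_EXTS:
        findings.append("executable-extension")
        if len(parts) > 2 and parts[-2] in DOC_EXTS:
            findings.append("double-extension-lure")
    if data[:2] == b"MZ":           # DOS/PE header: the file is a Windows program
        findings.append("pe-header")
    extra = png_trailing_bytes(data)
    if extra > 0:                   # a clean PNG ends exactly at IEND
        findings.append(f"png-trailing-data:{extra}")
    return findings

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload)
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

# Constructed samples: a valid 1x1 grayscale PNG, and the same PNG with 64 inert bytes appended.
CLEAN_PNG = (PNG_SIG
             + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
             + _chunk(b"IEND", b""))
PADDED_PNG = CLEAN_PNG + b"\x41" * 64

for fname, blob in [("statement_2025.xlsx.scr", b"MZ\x90\x00"), ("chart.png", PADDED_PNG)]:
    print(fname, triage(fname, blob))
```
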
“GodRAT seems to be an evolution of AwesomePuppet, which was reported by Kaspersky in 2023 and is probably linked to the Winnti APT. Its distribution methods, rare command lines, code similarities with Gh0st RAT, and shared artifacts – like a security head worthy of Kaspersky.
“The discovery of GodRAT shows how such long-known tools can remain relevant in today’s cybersecurity landscape.”
Kaspersky has not discussed the number of victims or the potential success rate of the campaign, but it stressed that the victims were mostly small and medium-sized businesses (SMBs) in the UAE, Hong Kong, Jordan and Lebanon.