Nood RAT Used In Attacks Against Linux Targets
Nood RAT a variant of the Gh0st RAT malware targeting Windows systems has been active in attacks since around 2018. It disguises itself by changing its process name and encrypts its configuration and communication using the RC4 algorithm. This encryption includes using a unique key based on the current time making network-based detection challenging. The malware enables attackers to execute remote commands manage files establish Socks proxies and perform port forwarding facilitating data theft and lateral movement within compromised networks.