Bifrost RAT Adds Innovative Technique To Evade Detection
A new Linux variant of the Bifrost remote access Trojan (RAT) has emerged utilizing a deceptive domain download.vmfare[.]com to avoid detection.This domain imitates the legitimate VMware domain enabling the malware to bypass security measures and compromise targeted systems. Bifrost initially identified in 2004 allows attackers to gather sensitive information such as hostname and IP address. Once installed the malware collects user data and transmits it to the attackers server using RC4 encryption. Additionally research has uncovered that the malicious IP address hosts an ARM version of Bifrost suggesting an expansion of the attackers target scope to ARM-based devices which are becoming increasingly prevalent. This trend indicates a likelihood of cybercriminals incorporating ARM-based malware into their tactics.