Spotted by Trend Micro, the remote access trojan (RAT) named BIOPASS, piggybacks inside installers for Adobe Flash Player and Microsoft Silverlight, both of which have been deprecated by their respective developers.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.
“What makes BIOPASS RAT particularly interesting is that it can sniff its victim’s screen by abusing the framework of Open Broadcaster Software (OBS) Studio, a popular live streaming and video recording app, to establish live streaming to a cloud service via Real-Time Messaging Protocol (RTMP),” shares Trend Micro.
Trend Micro spotted BIOPASS in recent attacks, in what is known as a watering hole attack, against online gambling companies in China.
Although Trend Micro isn’t sure about the identity of the threat actors behind the RAT, it has found several pieces of evidence during its investigations to suggest that the malware could’ve been engineered by Chinese state-sponsored actors known as Winnti or APT41.
While state-sponsored threat actors are usually tasked to launch attacks across their borders, interestingly, Trend Micro notes that BIOPASS has several features that indicate that it is designed to target and steal the victim’s private information primarily from the web browsers and instant messengers that are popularly used in China.