Chinese backdoor malware resurfaces after more than a decade

Security researchers have found a sophisticated remote access trojan that has resurfaced more than a decade after it was first released. The new malware, dubbed “Hacker’s Door” by researchers at Cylance, is operated by what’s thought to be a Chinese advanced persistent threat hacker group known as Winnti. The malware has many similarities to a remote access trojan (RAT) of the same name that debuted in 2004 and was updated with new features in 2005.

The research, published Tuesday, found the new malware is largely based on the decade-old malware, but it has been adapted and modified to infect newer 64-bit systems. The new version comprises a backdoor and a rootkit, giving the malware access to the operating system’s core, which lets the attacker gather system information, list processes, and run commands. The researchers also found the malware can grab screenshots and files, covertly download additional tools, and open Telnet and remote access ports. The tool can also extract Windows users’ credentials from the current session.
