
New Alchimist C2 Framework Targets Windows, Linux, macOS

Cisco Talos researchers came across a new attack and C2 framework, known as Alchimist, that is capable of targeting macOS, Windows, and Linux. Alongside it, researchers spotted a new malware, named Insekt, which is the beacon implant that Alchimist deploys and which provides remote administration functionality. Both binaries are written in Go.

Diving into details

  • Alchimist is an easy-to-use framework that allows its operators to generate and configure payloads that can capture screenshots remotely, perform remote shellcode execution, and run arbitrary commands.
  • It supports a custom infection mechanism for dropping the Insekt RAT on target devices.
  • The Alchimist C2 server issues the commands, and Insekt executes them on the infected device.
  • In addition, the RAT can act as a proxy, perform port and IP scans, manipulate SSH keys, and execute shellcode.
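Because the capability list includes tampering with SSH keys, one check a defender can run on Linux and macOS hosts is an audit of authorized_keys against a baseline of approved key fingerprints. The script below is an added example for this page, not Talos's tooling and not derived from Alchimist or Insekt; it parses OpenSSH authorized_keys lines, computes OpenSSH-style SHA256 fingerprints, and flags any key that is not in the baseline or that carries a forced command. The sample file, the 32-byte key values, and the baseline are constructed inline.

```python
"""Audit an OpenSSH authorized_keys file against a baseline of approved key
fingerprints and flag entries that were not approved.

Added example for this page; not Talos's tooling and not part of Alchimist
or Insekt. The sample file and the baseline are constructed inline.
"""
import base64
import hashlib
import re

# One authorized_keys entry: optional options, key type, base64 blob, comment.
KEY_LINE = re.compile(
    r"^(?:(?P<opts>\S.*?)\s+)?"
    r"(?P<type>ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(?:256|384|521))\s+"
    r"(?P<b64>[A-Za-z0-9+/=]+)"
    r"(?:\s+(?P<comment>.*))?$"
)


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b


def ed25519_public_blob(raw_key: bytes) -> str:
    """Base64 blob as it appears in authorized_keys for an Ed25519 public key."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw_key)).decode()


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint: base64 of the digest, padding stripped."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str) -> list:
    """Parse every non-comment line into a dict; unparseable lines are kept as errors."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_LINE.match(line)
        if not m:
            entries.append({"line": lineno, "error": "unparseable entry"})
            continue
        entries.append({
            "line": lineno,
            "type": m.group("type"),
            "fingerprint": fingerprint(m.group("b64")),
            "options": m.group("opts") or "",
            "comment": m.group("comment") or "",
        })
    return entries


def audit_authorized_keys(text: str, approved: set) -> list:
    """Return findings for keys outside the baseline or carrying a forced command."""
    findings = []
    for e in parse_authorized_keys(text):
        if "error" in e:
            findings.append({**e, "reason": e["error"]})
            continue
        reasons = []
        if e["fingerprint"] not in approved:
            reasons.append("fingerprint not in baseline")
        if "command=" in e["options"]:
            reasons.append("forced command set")
        if reasons:
            findings.append({**e, "reason": "; ".join(reasons)})
    return findings


# Constructed sample data: one approved deploy key and one key added without
# authorisation. The 32-byte values stand in for real Ed25519 public keys.
APPROVED_BLOB = ed25519_public_blob(bytes(range(32)))
ROGUE_BLOB = ed25519_public_blob(bytes([0x42] * 32))

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# deploy key managed by configuration management",
    f"ssh-ed25519 {APPROVED_BLOB} deploy@build-host",
    f'no-pty,command="/bin/sh" ssh-ed25519 {ROGUE_BLOB} backup',
])
BASELINE = {fingerprint(APPROVED_BLOB)}

if __name__ == "__main__":
    for f in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, BASELINE):
        print(f"line {f['line']}: {f.get('fingerprint', '?')} -> {f['reason']}")
```

In practice the baseline would come from configuration management or a signed inventory, and the audit would run against every user's authorized_keys as well as any AuthorizedKeysFile paths set in sshd_config, since an implant that can write keys can also pick a non-default location.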

Why this matters

The Alchimist framework is another in a line of frameworks that give less sophisticated threat actors the means to launch their own attacks. These frameworks tend to be well built, with rich features, good detection evasion, and effective implant-dropping functions. Even advanced cybercriminals can use Alchimist to reduce their operational costs, or to blend their activity into the commodity malicious traffic such frameworks generate and so frustrate attribution.

Lowering the entry barrier

  • Recently, a new phishing-as-a-service (PhaaS) platform, dubbed Caffeine, was introduced with open registration. This means that anyone, including would-be threat actors, can launch sophisticated phishing campaigns.
  • Last month, researchers discovered another PhaaS platform, named EvilProxy, that allows attackers to bypass MFA. The service is offered on a subscription basis and can be used to compromise Facebook, Apple, Google, and GitHub customer accounts, among others.

The bottom line

The discovery of Alchimist demonstrates how rapidly bad actors are adopting off-the-shelf C2 frameworks to conduct their operations. Once they gain privileged access to victims’ systems, they can cause significant impacts on victim organizations.
Cyware Publisher
