'This strategic shift enhances stealthiness, making detecting and analyzing the attacker's activities more challenging.' 'LightlessCan mimics the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions,' Kálnai said. tminiBlindingCan's main responsibility is to transmit system information and download files retrieved from a remote server, among others.Ī noteworthy trait of the campaign is the use of execution guardrails to prevent the payloads from being decrypted and run on any other machine other than that of the intended victim's. LightlessCan comes fitted with support for as many as 68 distinct commands, although in its current version, only 43 of those commands are implemented with some functionality. The attack paves the way for an HTTP(S) downloader referred to as NickelLoader, which allows the attackers to deploy any desired program into the memory of the victim's computer, including the LightlessCan remote access trojan and a variant of BLINDINGCAN referred to as miniBlindingCan (aka AIRDRY.V2).
