Symbol: js.nodecordrat

NodeCordRAT


NodeCordRAT is a sophisticated, cross-platform Remote Access Trojan (RAT) and info-stealer authored in Node.js, specifically engineered to exploit the software supply chain via compromised or typosquatted NPM packages. Once integrated into a developer's environment, it establishes a persistent C2 connection to facilitate Remote Code Execution (RCE) through a remote shell. Its primary objective is the exfiltration of high-value assets, including decrypted Google Chrome credentials, MetaMask cryptocurrency wallets, and sensitive .env developer secrets. Beyond data theft, NodeCordRAT provides attackers with full-spectrum surveillance capabilities, including live screen capture, comprehensive file system manipulation, and granular system discovery across Windows, macOS, and Linux.

References
2026-01-26 ⋅ Zscaler ⋅ Lakhan Parashar, Satyam Singh
Malicious NPM Packages Deliver NodeCordRAT
NodeCordRAT

There is no Yara-Signature yet.