Cisco Talos has discovered a new remote access trojan (RAT) that it calls “MagicRAT,” developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor.
The discovery of MagicRAT in the wild indicates that Lazarus is motivated to rapidly build new, bespoke malware to use alongside its previously known malware, such as TigerRAT, to target organizations worldwide.
MagicRAT is written in C++ and uses the Qt Framework, which is statically linked into both the 32- and 64-bit versions of the RAT. The Qt Framework is a programming library for developing graphical user interfaces, yet this RAT has none. Talos believes that the objective was to increase the complexity of the code, thus making human analysis harder.