Hackers Deploy Babylon RAT Targeting Malaysian Government and Politicians

Published on September 5, 2024
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

A sophisticated malicious campaign was seen targeting political figures and government officials in Malaysia with Babylon RAT. Active since July, this campaign employs malicious ISO files designed to infiltrate and compromise high-profile individuals and institutions, the latest report from Cyble Research and Intelligence Lab (CRIL) said.

The attack mechanism involves ISO files that package several malicious components, including a shortcut file, a hidden PowerShell script, a malicious executable, and a decoy PDF file crafted to mislead users into believing they are engaging with legitimate documents. 

While the initial infection vector is unclear, the lure documents include topics such as political concerns in Malaysia and the Majlis Amanah Rakyat (MARA), a Malaysian government agency. Other documents targeted Malaysian government officials who use the MyKHAS platform.

Malaysian Hacker Mail
Image Sorce: Cyble

Once executed, these files initiate a series of actions culminating in the deployment of the Babylon RAT (Remote Access Trojan). This Trojan is known for its robust surveillance and data theft capabilities—keylogging, clipboard monitoring, password exfiltration, and remote command execution—while also maintaining persistence and evading detection by security tools.

The RAT can also launch Distributed Denial-of-Service (DDoS) attacks and make the host act as a SOCKS proxy to capture network traffic from multiple infected hosts, bypassing network security measures.

Babylon RAT Infection Path
Image Sorce: Cyble

Security researchers have seen a recurring pattern associated with the threat actor behind this campaign, as previous attacks targeting Malaysian entities have utilized Quasar RAT, another open-source remote access Trojan. This aspect indicates a sustained focus on high-profile targets within the region.

Quasar RAT is an open-source RAT widely used by malicious actors, mainly in phishing campaigns. It offers a rich set of capabilities and is freely available on public repositories. 

A modified version of the espionage Quasar RAT was used as a banking Trojan to target customers of financial institutions in Colombia.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: