Pen testing
C2
Nosviak4 is a backdoor and Remote Access Trojan (RAT) used for espionage. First seen in 2024, it has been used in multiple espionage campaigns. It gives attackers access to compromised systems, letting them monitor them, exfiltrate data and execute commands remotely. It is stealthy and powerful, which makes it a threat to targeted organizations.
Nosviak4 is a C2 application that supports multiple callback protocols (Mirai, Qbot). It lets attackers get persistent access to, and remote control of, infected machines. Despite its capabilities, it has not been researched or scrutinized as much as other systems.
Cybercrime and Espionage
The malware is used for botnet activities and provides DDoS and proxy services under the guise of "stress testing" tools. The infrastructure of Nosviak4 is spread across multiple countries, which makes attribution hard. It is flexible and can be used for espionage and financial fraud.
Evolving Threat and Future Risks
Researchers have seen the presence of Nosviak4 increasing, but there is not much analysis of it. Because the source code is in underground repositories, it can evolve further, and new, more complex variants can emerge. The number of infected hosts is growing, and it can scale into a bigger and more dangerous threat.
The Nosviak malware family has multiple variants, including Nosviak2 and Nosviak4, which differ in functionality and level of sophistication. Nosviak2 source code was found in underground GitHub repositories and has been used in multiple botnet operations.
Monitor the network for unusual traffic patterns that indicate C2 communications.
Keep systems up to date and patch the vulnerabilities exploited by Nosviak4.
Deploy an IDS with signatures for Nosviak4 IOCs.
Educate staff on phishing and social engineering tactics to prevent initial infection vectors.
Nosviak4 is used in botnet operations offering DDoS and proxy services under the guise of "stress testing" tools. These services target multiple industries, including gaming and online services, by disrupting their operations.
The threat actors behind Nosviak4 are not known. However, the infrastructure of Nosviak4 is big: over 150 hosts across 20 countries and autonomous systems. This means a coordinated effort from a group or multiple entities.

