Check Point cybersecurity researchers: EMINэM proposes the malware on BreakingSecurity and VgoStore as a legitimate tool for “runtime FUD” encryption.
NetDooka is a new malware spread via pirated software downloads. Trend Micro cybersecurity experts: the vehicle is the PrivateLoader pay-per-install (PPI) distribution service, and the final payload is a multi-function RAT.
NetDooka is a new malware being spread via the PrivateLoader pay-per-install (PPI) distribution service. It has been discovered by Trend Micro cybersecurity experts. The framework contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (RAT) that implements its own network communication protocol. The infection starts when a user inadvertently downloads PrivateLoader, usually through pirated software downloads, followed by the installation of the first NetDooka component, a dropper that is responsible for decrypting and executing the loader component. The loader then performs certain checks to ensure that it is not running in a virtual environment, after which it downloads another piece of malware from the remote server. It might also install a kernel driver for future use. The downloaded file is another dropper component, executed by the loader, which is responsible for decrypting and executing the final payload: a full-featured RAT with multiple capabilities such as starting a remote shell, grabbing browser data, taking screenshots, and gathering system information.
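The chain described above (a file launched from a download folder, which runs a dropper, which runs a loader, which loads a driver and finally runs a RAT that calls out) is the kind of multi-stage ancestry a detection engineer can hunt for in process telemetry without knowing any of the file names in advance. The following is an added example written for this page, not code from the Trend Micro report and not using any indicator from it: the events, paths, PIDs and field names are all constructed and mimic a hypothetical EDR export. It walks each process's parent chain back to the first executable that came from a download directory and flags driver loads or outbound connections that sit at least three executables deep in such a chain.

```python
"""Hunting a multi-stage dropper chain in endpoint process telemetry.

Constructed example: every event, path and PID below is invented to
resemble a download -> dropper -> loader -> driver/RAT chain; none of it
is an indicator from the Trend Micro NetDooka report. The event schema
("type", "pid", "ppid", "image", "driver", "dst") is hypothetical.
"""

# Directories from which a user-initiated download is typically executed.
DOWNLOAD_DIRS = ("\\downloads\\",)

SAMPLE_EVENTS = [  # constructed telemetry, not real data
    {"type": "process", "pid": 100, "ppid": 1,
     "image": "C:\\Program Files\\Browser\\browser.exe"},
    # stage 0: pirated-software installer run straight out of Downloads
    {"type": "process", "pid": 200, "ppid": 100,
     "image": "C:\\Users\\u\\Downloads\\game_crack_setup.exe"},
    # stage 1: dropper
    {"type": "process", "pid": 300, "ppid": 200,
     "image": "C:\\Users\\u\\AppData\\Local\\Temp\\stage1.exe"},
    # stage 2: loader, which also installs a kernel driver
    {"type": "process", "pid": 400, "ppid": 300,
     "image": "C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"},
    {"type": "driver_load", "pid": 400,
     "driver": "C:\\Windows\\System32\\drivers\\prot.sys"},
    # stage 3: final payload calling home
    {"type": "process", "pid": 500, "ppid": 400,
     "image": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"},
    {"type": "network", "pid": 500, "dst": "203.0.113.5:4444"},
    # benign noise: a legitimate installer from Downloads that does nothing further
    {"type": "process", "pid": 600, "ppid": 100,
     "image": "C:\\Users\\u\\Downloads\\legit_installer.exe"},
    # benign noise: a system service loading a vendor driver
    {"type": "process", "pid": 700, "ppid": 1,
     "image": "C:\\Windows\\System32\\services.exe"},
    {"type": "driver_load", "pid": 700,
     "driver": "C:\\Windows\\System32\\drivers\\vendor.sys"},
]


def build_process_index(events):
    """Map pid -> process-start event so ancestry can be walked."""
    return {e["pid"]: e for e in events if e["type"] == "process"}


def lineage(pid, procs):
    """Return the image paths from pid up to the root (oldest last).

    A `seen` set guards against malformed telemetry with ppid cycles.
    """
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid]["image"])
        pid = procs[pid]["ppid"]
    return chain


def from_download_dir(image):
    """True if the executable was launched from a download directory."""
    lowered = image.lower()
    return any(d in lowered for d in DOWNLOAD_DIRS)


def find_dropper_chains(events, min_stages=3):
    """Flag driver loads and outbound connections whose process descends,
    through at least `min_stages` executables (the downloaded file
    included), from a binary launched out of a download directory.
    """
    procs = build_process_index(events)
    alerts = []
    for e in events:
        if e["type"] not in ("driver_load", "network"):
            continue
        chain = lineage(e["pid"], procs)
        # Position of the nearest ancestor (self = 0) that came from Downloads.
        download_idx = next(
            (i for i, img in enumerate(chain) if from_download_dir(img)), None)
        if download_idx is None:
            continue
        stages = download_idx + 1
        if stages >= min_stages:
            alerts.append({"pid": e["pid"], "event": e["type"],
                           "stages": stages, "chain": chain[:stages]})
    return alerts


if __name__ == "__main__":
    for alert in find_dropper_chains(SAMPLE_EVENTS):
        print(alert["event"], "from pid", alert["pid"],
              "after", alert["stages"], "stages:", " <- ".join(alert["chain"]))
```

The depth threshold is what separates this from a noisy "anything from Downloads" rule: the legitimate installer in the sample never spawns a deeper chain, and the vendor driver is loaded by a service with no download ancestor, so neither produces an alert. In a real deployment the download-directory list and the threshold are the tuning knobs, and the same lineage walk can be reused to add other late-stage signals (for example, screenshot or browser-credential-file access by a process at depth three or more) as the page's RAT description suggests.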