Suche
Mein Konto
Nezha: The invisible cyber weapon threatens companies – how do you protect yourself?
Security researchers warn against misusing the open source tool Nezha as a cyber weapon. Attackers gain unauthorized access.
Nezha: The invisible cyber weapon threatens companies – how do you protect yourself?
In recent weeks, a well-known monitoring tool is causing a stir in the cybersecurity community. The open source program Nezha, originally developed for monitoring servers in the IT community, is increasingly being abused by attackers. As the Ad Hoc News According to reports, hackers are using Nezha as a Remote Access Trojan (RAT) to silently penetrate corporate networks and set up shop there. In brutal attacks, they use the “living-off-the-land” tactic, which allows them to remain almost invisible in data traffic.
What is particularly alarming is that Nezha, which has almost 10,000 positive reviews on platforms such as GitHub, has so far been classified as harmless by common security software. A compromised Nezha tool, which is installed on affected systems using a special bash script, had a zero detection rate in an audit of 72 antivirus vendors on VirusTotal. This makes it easy for attackers to gain SYSTEM or root access without having to exploit additional vulnerabilities.
The Nezha infrastructure
As the Ontinue AG found out, the Nezha agent is installed via a bash script that secretly establishes a connection to an infrastructure controlled by the attackers. This infrastructure, hosted on Alibaba Cloud servers in Japan, allows hundreds of endpoints to be monitored, indicating a massive compromise. The combination of web dashboard and agent communication over standard protocols results in network activity that is similar to normal monitoring data.
The Nezha agent is designed to provide comprehensive access to systems, including the ability to execute commands, use interactive shells, and manage files. The fact that Nezha is legitimate and unchanged makes it extremely difficult for security providers to detect and mitigate attacks.
Recommendations for prevention
To combat misuse of Nezha and similar tools, experts recommend rigorous audits of all remote monitoring and management tools. Organizations should limit outbound traffic to authorized networks and set up alerts for the installation of new services with SYSTEM privileges. In addition, network connections to unknown external IP addresses should be checked regularly in order to detect suspicious activities at an early stage.
The major challenges posed by such attacks are in particular focus. Loud Comparitech RATs have the potential to cause widespread data breaches and system damage. Detecting this malicious software is difficult because it often bypasses traditional security measures. Therefore, it is essential to invest in effective RAT detection tools to ensure the security of networks and data.
Cybercrime is reaching unprecedented levels and the future use of legitimate tools for malicious purposes is expected to be one of the dominant topics in 2026. Companies are well advised to prepare for the unforeseeable.