RATs News, Articles and Updates

Fake updates push Chthonic, NetSupport RAT via Joomla and WordPress sites

Malwarebytes has examined a relatively new fake update scam that uses a combination of legitimate websites, a real cloud storage site and social engineering to pass along either a banking Trojan or a remote access tool to its victims.

False software update leads users to get bitten by malware infection

Hackers abuse NetSupport to take control of victims' machines

New cross-platform backdoor 'Qrypter' RAT gaining prominence among hackers

A Java-based remote access tool dubbed "Qrypter," launched relatively recently (two years ago), is gaining popularity over existing cross-platform backdoors such as Adwind as an efficient Malware-as-a-Service (MaaS) platform.

SWIFT Grift: Fake financial messaging service emails deliver Adwind RAT

An email phishing campaign launched this month attempted to infect spam recipients with the Adwind cross-platform RAT by fooling them into thinking they received an important financial document from SWIFT financial messaging.

UBoatRAT targets firms in East Asia

A new remote access Trojan (RAT) has been discovered targeting people and organisations based in South Korea. South Korea and video games companies affected.

Mysterious Felismus RAT poses powerful threat

Forcepoint Lab researchers spotted a remote access trojan (RAT) dubbed Felismus which has a modular construction that allows it to hide and/or extend its capabilities.

Spyware that infected Vietnam Airlines posed as McAfee antivirus

A Malwarebytes analysis of the espionage toolkit that recently infected Vietnam Airlines revealed a modular variant of the Korplug remote access trojan (RAT) that in this case disguises itself as a McAfee antivirus program.

Italian RAT targets Android devices in China by IMEI codes

Researchers discovered a RAT that targets Android phones in China and Japan and appears to select victims based on their devices' IMEI codes.

Changing of the TidePool: Operation Ke3chang malware evolves as APT threat reappears

Operation Ke3chang, the APT that in 2013 was discovered targeting Europe-based Ministries of Foreign Affairs, not only apparently remains active but also seems to be leveraging a new family of malware called TidePool.

Into the Mind of a RAT operator

Both Dyre and Dridex Trojans now use a combination of local redirection and RAT to effectively escape detection by current anti-fraud and security tools, but Uri Rivner says real-time behaviour analysis can still spot the bad guys.

Arrested hackers revealed to be outfit behind MegalodonHTTP trojan

Norwegian police and Europol feel collars of five cyber-criminals who are believed to be behind the MegalodonHTTP RAT.

12 arrested in Europe for improper use of RATs

Europol and a variety of law enforcement agencies around Europe were involved in an affair leading to 12 people being arrested for using remote access Trojans (RATs).

Hackers use Dropbox to target Hong Kong media

Hong Kong activists have been targeted via Dropbox, according to FireEye, with the Chinese government the top suspect.

Last Word: Behavioural patterns & cloud

Using individual users' behaviour patterns can identify both the individual and bot activity to thwart RATs, says Uri Rivner.

Gaza cyber-gang sending malware files to IT and IR personnel

A Middle Eastern cyber-group seeking higher levels of access to specific networks has turned its focus to IT security personnel.