Aggah is a Trojan downloader that may install a Remote Access Trojan (otherwise known as a RAT) or conduct other attacks against your computer. Threat actors are distributing this Trojan through corrupted Word documents that prompt the reader to enable their additional content. Users can scan any files from suspicious sources so that anti-malware products can identify the threat, or remove Aggah afterward with the same software.
The Ravenous RATs That Documents Wield
The misuse of text documents' features tends to be one of the easiest vehicles for Trojans to gain access to a PC or smartphone. Previous, still-recent attacks utilizing threats like file-locking Trojans from Ransomware-as-a-Service families and state-sponsored spyware rely on subtle exploits that readers fail to notice after clicking. In many cases, such as Aggah, the price that they pay is tantamount to 'handing the keys' of their computer over to an unseen attacker.
Besides its downloads, malware experts can confirm that Aggah conducts anti-security attacks along the way, such as disabling Windows Defender. However, before it does any of these things, the user has to agree to several prompts, which are the only warnings of the attack. The Word file will ask that readers 'view in desktop,' 'enable editing,' and 'enable content' before loading the rest of the payload. This caveat applies to all modern versions of Word, which disable advanced, macro-based content by default because of the security risk.
Getting Your Revenge on the RevengeRAT's Enabler
Aggah, which gets its title from the 'Haggah' alias of its threat actors, is, theoretically, capable of distributing more threats than just that Remote Access Trojan. Other working features in its payload include various filesystem-oriented shell commands, as well as Registry changes that can hamper both security utilities and productivity software like Microsoft Office. The second of these inclusions could be Aggah covering the tracks of its infection vectors, which can give it more time to spread throughout local networks.
Updating Word software and leaving macros and similarly-advanced content inactive will stop both Aggah and an incredible breadth of other drive-by-download attacks. Malware analysts recommend always leaving macros off unless you know and trust the sender of a document. Similar exploits may use other products, such as outdated versions of Adobe's PDF Reader, without requiring any consent.
The industries at risk from Aggah's current attacks include financial companies such as banks, marketing companies, and unspecified segments of both the education sector and national governments. Windows users should have all appropriate environments protected by anti-malware programs that should be capable of deleting Aggah without letting its downloads trigger.
Aggah uses a template-injecting tactic for turning the building blocks of file formats like DOCX documents and PPTX spreadsheets into launching pads for its attacks. Anyone who isn't willing to play the host to a RevengeRAT infection should remember that modern software has vulnerabilities, too, just like the old equivalents.