
Atilla

Posted: April 18, 2019

Atilla is a Remote Access Trojan (RAT) and spyware program that gives threat actors remote control of your computer and helps them collect confidential information. It poses a particularly high risk to passwords, and it requires no programming knowledge from the threat actor who operates as its administrator. Let your anti-malware programs identify and remove Atilla proactively and, if you confirm an infection, be ready to change all of your login credentials after disinfecting the system.

Online Theft Gets Easier than Ever

A new RAT is selling on the underground Web through various forums and a dedicated host website. The program, Atilla, offers several options for surveying and collecting valuable information, along with the system-controlling features that define most RATs. While malware experts see no indication that Atilla is anything other than a threat, its authors hide their business behind the thin pretense of selling password-recovery software.

The focus of Atilla, or 'Atilla Stealer,' as its threat actors call it, is the theft of passwords and copy-pasted clipboard data, plus screenshot capture for any information that the other features miss. Its secondary, less-emphasized functions include:

  • Atilla may display fake Windows dialog boxes or other pop-ups that imitate system alerts.
  • Atilla may add other programs to the Windows Startup list so that they launch at logon by default.
  • Other programs' shortcuts may have their icons swapped for ones that Atilla selects.
  • Anti-Virtual Machine checks can stop Atilla from running inside a VM, slowing analysis by the PC security industry.

There also is a 'melt file' feature that malware experts haven't fully analyzed. In RAT builders, the term 'melt' conventionally refers to the dropper deleting itself after it installs the payload, so the option may reference Atilla's self-deletion, though it could also involve securely deleting other files, such as backups. Threat actors coordinate all of these attacks through a black UI panel, renting access to it by paying for a temporary license. Consequently, they need no programming skill to deploy Atilla and exfiltrate information.
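As an added triage example (not code from the original write-up and not Atilla's own code), the following PowerShell script enumerates the persistence and shortcut changes that the capabilities above describe: the Run/RunOnce registry keys, the per-user and all-users Startup folders, and any .lnk shortcut whose icon is not drawn from the file it actually launches. The folder list and the 'user-writable path' heuristic are assumptions chosen for illustration; the script only reads.

```powershell
# Added triage script: not part of the original write-up and not Atilla's own code.
# Read-only. Run from an elevated PowerShell so the HKLM keys are readable.

# Registry values that Windows launches at logon (the "Startup list" a RAT adds itself to).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties that Get-ItemProperty adds for its own bookkeeping; they are not registry values.
$providerNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
# Heuristic (assumption): binaries launched from user-writable folders deserve a second look.
$userWritable = '\\(AppData|Temp|ProgramData|Downloads|Public)\\'

Write-Output '== Registry autorun entries =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notin $providerNoise } |
        ForEach-Object {
            [pscustomobject]@{
                Location = $key
                Name     = $_.Name
                Command  = $_.Value
                Review   = ($_.Value -match $userWritable)
            }
        }
}

Write-Output '== Startup folder contents =='
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, LastWriteTime, Length
}

Write-Output '== Shortcuts whose icon does not come from their target =='
$shell = New-Object -ComObject WScript.Shell
$lnkDirs = $startupDirs + @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory')
)
foreach ($dir in $lnkDirs) {
    Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        # IconLocation is "path,index"; an empty path means the shortcut uses its target's own icon.
        $iconPath = ($lnk.IconLocation -split ',')[0].Trim()
        $target   = $lnk.TargetPath
        if ($iconPath -and ($iconPath -ne $target)) {
            [pscustomobject]@{
                Shortcut = $_.FullName
                Target   = $target
                Icon     = $iconPath
                Review   = ($target -match $userWritable) -or ($iconPath -match $userWritable)
            }
        }
    }
}
```

The shortcut section produces a review list, not a verdict: many legitimate shortcuts draw their icon from a .dll or .ico file rather than from the program they launch. The entries worth a closer look are those where the Review column is true, meaning either the target or the icon source lives in a folder an unprivileged process can write to.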

Putting the Hun Back in the Soil

Atilla, whose name is a Turkish spelling of the better-known 'Attila,' bears many of the characteristics of a for-profit enterprise run by threat actors with limited experience. Although more dangerous to users than the average 'script kiddie' programming attempt, it lacks the sophisticated engineering of a state-sponsored threat actor's work. Moreover, its infection methods vary widely, since different criminals can rent and use it at will.

Avoiding easily cracked passwords, turning off RDP where it isn't needed, closing ports that aren't necessary for day-to-day communications, and treating unusual e-mail attachments or links with caution will slow down or remove most of the infection vectors that threat actors are using in 2019. Malware experts also advise either avoiding torrents or scanning every download before opening it. Anti-malware tools should detect and delete Atilla as usual, although they may identify it only as a generic RAT.
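The Windows side of that advice, as an added example that is not part of the original write-up: the PowerShell below refuses Remote Desktop connections and closes its firewall exception, forces the host firewall on with a default inbound block, inventories what is still listening so unneeded services can be dealt with, and wraps a Microsoft Defender scan of a downloaded file before it is opened. It assumes an elevated session on Windows 8 / Server 2012 or later with the NetSecurity, NetTCPIP and Defender modules present; the function names are ours.

```powershell
# Added hardening and check script: not part of the original write-up. Requires an
# elevated PowerShell on Windows 8 / Server 2012 or later (NetSecurity, NetTCPIP and
# Defender modules). Only disable RDP on machines that do not depend on it.

# 1. Refuse Remote Desktop connections and close the matching firewall exception.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name 'fDenyTSConnections' -Value 1 -Type DWord
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 2. Keep the host firewall on for every profile, dropping unsolicited inbound traffic.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block

# 3. Inventory what is still listening, with the owning process, so that unneeded
#    services can be stopped or blocked rather than left reachable.
function Get-ListeningPorts {
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort, LocalAddress -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port    = $_.LocalPort
                Address = $_.LocalAddress
                PID     = $_.OwningProcess
                Process = $(if ($proc) { $proc.ProcessName } else { '<unknown>' })
            }
        }
}
Get-ListeningPorts | Format-Table -AutoSize

# 4. Scan one downloaded file with Microsoft Defender before opening it, and report
#    any detection Defender logged against that file since the scan started.
function Invoke-DownloadScan {
    param([Parameter(Mandatory)][string]$Path)
    $file  = Get-Item -LiteralPath $Path
    $start = Get-Date
    Start-MpScan -ScanType CustomScan -ScanPath $file.FullName
    $hits = Get-MpThreatDetection | Where-Object {
        $_.InitialDetectionTime -ge $start -and $_.Resources -like "*$($file.Name)*"
    }
    if ($hits) { $hits | Select-Object ThreatID, InitialDetectionTime, Resources }
    else       { "No detection for $($file.FullName)" }
}
# Example (assumed path): Invoke-DownloadScan -Path "$env:USERPROFILE\Downloads\setup.exe"
```

Step 3 is deliberately an inventory rather than an automatic block: which ports are 'necessary for day-to-day communications' depends on the machine, so the list is there to be read before any further firewall rules are written.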

Unfortunately, removing Atilla doesn't solve the problem in its entirety. Unlike real-world goods, a stolen password isn't something the victim of a robbery can safely get back: any credential that was on the infected system should be treated as compromised and changed, and all PC users should remember that.
