
AVLay RAT

Posted: July 26, 2019

The AVLay RAT is a Remote Access Trojan that includes banking-attack features for compromising users' bank accounts. The AVLay RAT can establish a screen overlay that gives attackers total control over the PC while locking out the regular user, and it facilitates data exfiltration and bank-themed social engineering. All users should have anti-malware tools delete the AVLay RAT immediately, as it is an extreme danger to their PC, privacy, and finances.

A Trojan that's Easier to Use than Ever Before

Brazil and nearby areas of South America are a hotbed of banking Trojans, which makes the region a likely place to find backdoor Trojans with features that assist in such thefts. An in-depth examination of the AVLay RAT's operations, based on simulated infections carried out by IBM's X-Force team, shows how total that control is. With its help, the attacker acquires unmitigated system access, with the overlays that are part and parcel of the AVLay RAT.

The AVLay RAT is accurately classifiable as both a banking Trojan and a Remote Access Trojan. The AVLay RAT offers significant remote-control features, but its purpose is to compromise bank accounts and cryptocurrency wallets. The Delphi-coded Trojan listens for instructions from a C&C server before setting up a transparent graphical overlay. This element serves two purposes: locking the user out of their system and giving the remote attacker full interactive control.

A criminal could use the AVLay RAT to log into an account manually or to make a transfer after the account owner has logged in for them. However, malware analysts also warn that the AVLay RAT can do more than that. The Trojan supports keylogging (recording keyboard-typed data), rebooting the system, self-uninstallation, and a live chat session between the attacker and the victim.

Cutting a RAT Out of Your Financial Transactions

The AVLay RAT's chat feature deserves emphasis because of the social engineering tactics it enables. Threat actors are likely to use such features to trick users into handing over credentials, under the guise of a banking transaction or authentication process. Naturally, the extreme invasiveness of the AVLay RAT's feature set makes it equally possible that criminals could breach the rest of a local network. They also may conduct additional attacks besides banking-related ones.

Isolating a compromised system from the Internet (and thus from the AVLay RAT's Command & Control infrastructure) is a necessary first step for countering any infection. Malware experts also recommend detaching the computer from any other network-connected machines and changing passwords after dealing with the attack. Anti-malware products with updated databases stand the best chance of deleting the AVLay RAT without undue interference.

It's easily understandable why a criminal would want access to someone's bank account, and the AVLay RAT serves that accessibility up on a platter. Even worse, a victim can escalate the problem by cooperating with the Trojan's tactic artists – if they're not well-informed about the dangers.
