DestroyRAT

DestroyRAT Description

Part of a line of Trojans used for corporate and government espionage, the DestroyRAT includes all the standard capabilities that third parties need to control an infected PC from a remote server. Besides these features, the DestroyRAT also may install new threats that represent other security risks, and may itself be installed by specialized Trojan droppers embedded in fake Microsoft Office documents. Because the DestroyRAT may use semi-sophisticated means to hide its components, malware researchers do not advise deleting it with anything other than proper anti-malware software.

The Little RAT in Your E-mail Messages

The DestroyRAT is one of the many cases of a backdoor Trojan used as a spearhead in attacks against non-profit organizations, international companies like Google and even, in some cases, governments and their contractors. Although its most thoroughly analyzed campaigns have been in Asia, the DestroyRAT and similar threats also are seen in meaningful attacks throughout Europe and America. Most of these incidents involved e-mail messages with disguised Trojans bearing the file names of Excel spreadsheets or Word documents. Opening the files exploited various vulnerabilities to allow the installation of the DestroyRAT, although many companies later released patches to close these bugs.

Outside of its somewhat illustrious history, the DestroyRAT is a backdoor Trojan that includes standard attack functionality. As is implied by its name (a Remote Administration Trojan), the DestroyRAT makes contact with its remote server through a random network port. From this server, third parties may issue general commands, install new software (including other Trojans or RATs, such as PoisonIvy) or collect data. In some cases, a DestroyRAT may be a mere mid-point in an attack effort: the threat authors have already established persistence on the compromised PC, but have not yet completed their full analysis of it.

Destroying a Destroyer of PC Security in Turn

Among English publications, PlugX is the DestroyRAT's most widely used alias, but others, including Sogu and Kaba, also abound. This proliferation of aliases is due partially to the behavior of Axiom, a Chinese hacker group that regularly updates and re-releases variants of its old Trojans. Other threats related to the group responsible for the DestroyRAT include Mdmbot, Deputy Dog, Darkmoon, My Door and Derusbi. Most of these threats include payloads similar to the DestroyRAT's, and occupy a point in their respective attack campaigns heavily reminiscent of this backdoor Trojan's role.

Ordinary e-mail safety procedures are effective stopping points for many known distribution methods of the DestroyRAT. If prevention fails, you should resort to anti-malware solutions capable of deleting a DestroyRAT along with other threatening software, up to and inclusive of rootkits. Even after the successful disinfection of a compromised machine, you also may need to take additional steps to secure information that could have transferred to unsafe hands during the infection's lifespan.


Posted: November 2, 2013
