GovRAT is an advanced Remote Access Trojan that is sold openly on the Dark Web for $1,000. Cybercriminals who want the threat's source code can also pay $6,000 for the full software package, which lets them tailor GovRAT's modules to their own needs. There are strong suspicions that GovRAT might have been used in attacks against high-profile government and military targets, and it is possible that several Advanced Persistent Threat (APT) actors may have opted to pay for this hacking tool.
An Advanced RAT Employed in Attacks against Government Officials
While there are many free Remote Access Trojans (RATs) available online, none of them come close to the features and anti-sandbox tricks that GovRAT possesses. The price tag alone shows that this is a serious project meant to be used against high-profile targets – the authors of the project have released several versions of GovRAT, and the software was previously sold on a public domain.
Some of GovRAT's key features are:
- Ability to evade anti-virus engines and malware analysis environments.
- Automatic spreader that works by infecting removable storage devices (e.g., USB drives) and enables the malware to proliferate laterally through a network.
- Ability to collect files, upload/download files, and manage the victim's file system.
- A keylogger module that exfiltrates data via HTTP transfers.
- Ability to execute arbitrary code on the compromised host.
The authors of GovRAT have used a very bold marketing strategy – they apparently used the product to target U.S. government officials, and offered to sell a list of email credentials used by government personnel. Not only is this a profitable business for these cybercriminals, but it also serves as a good showcase of GovRAT's capabilities.