
GovRAT

Posted: October 24, 2019

GovRAT is a Remote Access Trojan and worm that can spread throughout networks while offering its operator features such as keystroke logging, file transfer, and remote code execution. Although its author was imprisoned for related crimes involving botnet campaigns, the continued availability of its code makes future attacks possible. Users should let their anti-malware services delete GovRAT in all cases.

Trojans at Large Despite a Shackled Creator

GovRAT is a Remote Admin Trojan, or RAT, that provides backdoor features, along with data theft and network traversal, to whichever attackers purchase it. Its original author, Daniel Kaye, is no longer at liberty: carelessness with his personal information online allowed authorities to track him down and arrest him. However, because GovRAT's source code was offered for sale, it, like Hidden Tear, remains potentially at large in the wild for the indefinite future.

GovRAT is a well-developed RAT, and its deployment has been linked to attacks against government entities, including military branches. Its most pertinent features include uploading and downloading files, automatically mapping drive and network share information, keylogging (recording the user's keyboard input), and password theft. While selling it, Kaye also advertised it as FUD, or fully undetectable by security software. His service also included valid digital certificates for signing the executables, which helps the Trojan pass signature-based trust checks.

The worm features of GovRAT also bear highlighting. The Trojan can create copies of itself on USB sticks and other removable drives in order to compromise other PCs. Combined with its network password-collecting features and related attacks, GovRAT spreads readily within local networks and other poorly secured groups of systems.

Exterminating a RAT without a Brain

Often, legal action against the creator of a RAT or backdoor Trojan spells the end of the Trojan's misadventures in the wild. However, because GovRAT's code was for sale, new variants remain a possibility, and they may contain updates beyond Daniel Kaye's original set of features. Although the C&C infrastructure supports both Linux and Windows, malware experts have only confirmed versions of GovRAT's 'victim-side' software running inside Windows environments.

The infection vectors most often responsible for GovRAT infections include:

  • Attackers may take advantage of unsafe server setups, including passwords that they can brute-force or vulnerabilities in unpatched software.
  • Other attempts use drive-by downloads, which may infect PCs through phishing e-mail attachments or Exploit Kits placed on websites that target specific kinds of traffic.

As in any case of potential multi-system infection, users should avoid sharing removable devices. Credentials for logging in to other systems should also be unique and sufficiently complex that an attacker can't brute-force them or break them with a so-called 'dictionary attack.' Typical anti-malware products for Windows should remove GovRAT, although updates may be necessary for recently recognized variants.

After his heyday with the Mirai Botnet and the Deutsche Telekom attacks, GovRAT's author is no longer in a position to sell and deploy Trojans against the world. However, GovRAT remains a variable worth accounting for in future equations of government network security.
