jRAT

JRAT is a JAVA-based Remote Access Trojan (RAT) that may be compatible with operating systems other than Windows because JAVA applications are cross-platform compatible as long as the targeted host has the JAVA Runtime Environment (JRE) installed. Regardless of this, the primary targets of jRAT’s authors appear to be Windows-based computers.

The first samples of this hacking tool were spotted in 2017, but since then the RAT has undergone several updates that introduced new features and VM-evasion techniques. One of the larger campaigns linked to the use of the jRAT relies on fraudulent emails to get users to download a ‘.jar’ attachment that carries the threat’s payload.

Once the jRAT is initialized, it may use the WMIC service to execute a Windows command that checks for the presence of anti-virus software and firewall configuration. It also drops a secondary ‘.jar’ file to the Windows %TEMP% folder, and ensures that it will be run whenever Windows starts. Last but not least, the jRAT connects to the attackers’ server and transmits basic system details.

The list of features that jRAT boasts is not that impressive, but the threat is still able to violate the privacy of its victims, and collect data:

• Record keystrokes.
• Take screenshots of the desktop and active Windows.
• Use Windows’ voice feature to play an audio message.
• Download and launch files on the compromised host.
• Modify files on the victim’s computer.
• Use the Web camera.

Dealing with the jRAT is an important task since any minute that this malware spends active may end up costing you dearly. Threats of this sort can be easily eradicated with the use of a reputable anti-virus software suite.