
Kwampirs RAT

Posted: March 26, 2020

The Kwampirs RAT is a Remote Access Trojan that gives attackers control over the infected system, including the ability to execute commands. The Trojan is notable for combining worm-like network propagation with confirmed compatibility with medical-industry hardware and various IoT devices. Workers can defend their networks by using anti-malware tools to remove the Kwampirs RAT preemptively and by responding rapidly to breaches of software supply chains.

A Faulty Link in Your Software Security Chain

Compromises of software supply chains that turn updates into carriers of threatening software are rare, because of the technical effort they require. A threat actor by the name of Orangeworm, however, proves that some targets are worth the effort, particularly when it comes to crucial healthcare and power infrastructure. The difficult-to-defend-against Kwampirs RAT is breaking into both general-purpose networks and specialized devices for motives that may involve anything from sabotage to collecting data for profit.

The Kwampirs RAT is compatible with multiple Windows environments but displays exceptional network traversal features in older versions of the OS, such as, not coincidentally, those in use by medical or energy businesses. Besides conventional computers, the Kwampirs RAT is also infecting everything from X-ray to MRI hardware and spreading into network shares as it progresses. The Trojan also comes with lists of two hundred URLs for use as part of its C&C server infrastructure, which appears to be rotated.
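Worm-like spread into network shares leaves a footprint a defender can look for: one source address reaching the administrative shares of many different hosts in a short window. The script below is an added example, not code from this page or from any vendor's product; it runs a fan-out check over a few constructed log lines whose format is loosely modelled on Windows "network share object accessed" events (the event ID, field names, hosts and addresses are all made up for the demonstration), and the window and threshold are assumptions to be tuned per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Administrative shares that a worm typically touches when copying itself
# to peers. IPC$ is deliberately left out because many benign tools open it.
ADMIN_SHARES = {"ADMIN$", "C$"}

# Constructed sample events (not real telemetry). Format:
#   <ISO-8601 UTC timestamp> <event id> src=<address> dst=<host> share=<UNC share>
SAMPLE_LOG = r"""
2020-03-26T09:00:01Z 5140 src=10.0.0.5 dst=WS-01 share=\\*\ADMIN$
2020-03-26T09:00:14Z 5140 src=10.0.0.5 dst=WS-02 share=\\*\ADMIN$
2020-03-26T09:00:40Z 5140 src=10.0.0.5 dst=WS-03 share=\\*\C$
2020-03-26T09:01:05Z 5140 src=10.0.0.5 dst=WS-04 share=\\*\ADMIN$
2020-03-26T09:02:00Z 5140 src=10.0.0.9 dst=FILESRV share=\\*\Scans
2020-03-26T09:05:00Z 5140 src=10.0.0.9 dst=WS-11 share=\\*\C$
2020-03-26T09:40:00Z 5140 src=10.0.0.9 dst=WS-12 share=\\*\C$
"""


def parse_event(line: str):
    """Split one sample line into (timestamp, source, destination host, share name)."""
    ts_text, _event_id, *pairs = line.split()
    fields = dict(item.split("=", 1) for item in pairs)
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    # Keep only the last path component of the UNC name, e.g. "ADMIN$".
    share = fields["share"].rsplit("\\", 1)[-1]
    return ts, fields["src"], fields["dst"], share


def flag_share_fanout(lines, window=timedelta(minutes=5), threshold=3):
    """Return {source: sorted distinct hosts} for every source that reached
    admin shares on at least `threshold` distinct hosts within `window`.

    Only admin-share events count, so an administrator browsing a document
    share is not mistaken for lateral movement. (Window and threshold are
    illustrative assumptions; tune them to the environment's baseline.)
    """
    per_source = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, share = parse_event(line)
        if share.upper() in ADMIN_SHARES:
            per_source[src].append((ts, dst))

    flagged = {}
    for src, events in per_source.items():
        events.sort()
        best = set()
        # Slide a window over the time-ordered events and keep the largest
        # set of distinct destination hosts seen in any single window.
        for i, (start, _) in enumerate(events):
            hosts = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= threshold:
            flagged[src] = sorted(best)
    return flagged


if __name__ == "__main__":
    for src, hosts in flag_share_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"possible worm-like spread from {src}: {len(hosts)} hosts {hosts}")
```

On the constructed sample, 10.0.0.5 reaches four hosts' admin shares inside two minutes and is flagged; 10.0.0.9 touches one admin share per half hour and is not. In practice the same logic is fed from share-access or SMB session telemetry, and the flagged source goes straight to containment and host triage.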

In many instances, attacks don't target the desired victim entity directly. Instead, Orangeworm hijacks an update in a software supply chain (à la ShadowPad, for example), and workers compromise their networks while performing the normally laudable task of installing patches. Typical entities at risk, besides those already mentioned, include finance companies and Industrial Control Systems.

Wormproofing a Network as Easily as Possible

Remote Access Trojans such as the Kwampirs RAT offer attackers user-friendly interfaces for issuing system commands, opening files, and managing downloads and uploads on the infected system. The Kwampirs RAT also has characteristics that malware experts note as displaying the threat actor's rigorous work ethic, such as falsified compilation dates and re-compiled iterations of the Trojan droppers that service the installations.
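A falsified compilation date is a triage signal an analyst can check directly in the file: the Windows PE header stores a build timestamp, and a stamp that lies in the future or implausibly far before the sample was first seen is worth a closer look. The script below is an added example, not code from this page or from any analysis of Kwampirs; it reads the COFF header's TimeDateStamp from a constructed, minimal PE header (not a real binary) and rates it against an assumed first-seen date. The tolerances, the 2020-03-26 reference date and the sample stamps are all assumptions chosen for the demonstration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Assumed "first seen" reference for the triage below (the post date, chosen
# for illustration; in practice use the sandbox or telemetry first-seen time).
FIRST_SEEN = datetime(2020, 3, 26, tzinfo=timezone.utc)


def pe_compile_timestamp(data: bytes) -> int:
    """Return the raw IMAGE_FILE_HEADER.TimeDateStamp (seconds since the Unix epoch)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    # e_lfanew at DOS-header offset 0x3C points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header follows the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def assess_compile_time(stamp: int, first_seen: datetime,
                        future_slack: timedelta = timedelta(days=1),
                        max_age: timedelta = timedelta(days=365 * 10)) -> str:
    """Rate a build stamp as 'zeroed', 'future', 'stale' or 'plausible'.

    Caveat: reproducible-build linkers may write 0 or a hash-like value, and a
    stamp can be edited freely, so an odd value is a reason to look closer,
    not proof of tampering on its own.
    """
    if stamp == 0:
        return "zeroed"
    try:
        compiled = datetime.fromtimestamp(stamp, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return "future"  # beyond what the platform can represent
    if compiled > first_seen + future_slack:
        return "future"
    if compiled < first_seen - max_age:
        return "stale"
    return "plausible"


def build_sample_pe(stamp: int) -> bytes:
    """Constructed minimal PE header for the demo: a 64-byte DOS header with
    e_lfanew = 64, then the PE signature and a COFF header carrying `stamp`."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    # Machine=i386, 1 section, stamp, no symbols, optional header size 0xE0,
    # Characteristics = executable | 32-bit machine.
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def utc_stamp(year: int, month: int, day: int) -> int:
    """Epoch seconds for a UTC calendar date (helper for the sample stamps)."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


def triage(data: bytes, first_seen: datetime = FIRST_SEEN):
    """Read the stamp from `data` and return (stamp, verdict)."""
    stamp = pe_compile_timestamp(data)
    return stamp, assess_compile_time(stamp, first_seen)


if __name__ == "__main__":
    for label, stamp in [("recent build", utc_stamp(2020, 3, 1)),
                         ("future build", utc_stamp(2021, 1, 1)),
                         ("ancient build", utc_stamp(2005, 1, 1)),
                         ("zeroed stamp", 0)]:
        raw, verdict = triage(build_sample_pe(stamp))
        print(f"{label:14s} stamp={raw:<11d} verdict={verdict}")
```

The same reader works on a real file (`triage(open(path, "rb").read(), first_seen)`), and the verdict is best combined with other build metadata, such as the linker version and debug-directory timestamps, before drawing any conclusion.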

Supply chain providers bear their own responsibilities for the proper protocols that eliminate any access attackers like Orangeworm might have to their development environments. For the resulting victims, the use of updates as infection vectors puts networks at risk without the usual, telltale interactions with phishing e-mails or watering-hole websites. Users are dependent on current heuristics and threat definitions in their security software for protection.

Always treat a RAT, regardless of its hardware 'host,' as being a high-level threat with the potential capacity for taking over admin accounts and traveling over a network. High-quality anti-malware tools should delete the Kwampirs RAT automatically whenever possible.

2020 is showing a unique urgency in the pressure the Coronavirus epidemic is placing on hospitals and other medical entities. The Kwampirs RAT is striking at just the wrong time for the public, but the 'right' time for hackers maximizing damage.
