
Milum RAT

Posted: March 25, 2020

The Milum RAT is a Remote Access Trojan: a backdoor that gives attackers remote control over the infected PC, usually through a GUI on the attacker's side. The Milum RAT includes command-execution and file-transfer features and is being distributed selectively by multiple campaigns. Users in at-risk environments, such as critical-infrastructure businesses, should protect their networks with appropriate hardening measures and let professional anti-malware products delete the Milum RAT immediately upon detection.

Industries in Danger from Invisible Problems

While some Remote Access Trojans are using the Coronavirus as a propagation lure (see the BlackNET RAT or the SpyMax RAT), others still circulate by unknown means. Malware experts first saw the Milum RAT back in 2019, but a new, not significantly updated build of the Trojan is in the wild a year later as well. This version of the Milum RAT targets sensitive infrastructure industries under the direction of the WildPressure APT.

How this Advanced Persistent Threat group delivers the Trojan is still unknown, but its persistence mechanism is documented: an invisible 'toolbar' window. After installation, the Milum RAT sets up a communication channel to its C&C server and compresses the traffic with Zlib. Its features are the archetypal reconnaissance-and-control set: executing system commands, dropping files at specified locations, encoding and uploading data to the attacker's C&C, and reporting general information such as file attributes, user names and hostnames.
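An added example (not code from this page, nor from the Milum RAT or WildPressure) of the kind of helper an analyst writes when a RAT compresses its C&C traffic with Zlib, as described above: scan a captured response body for zlib stream headers, inflate only the candidates that decompress to a complete stream, cap the inflated size so a decompression bomb cannot exhaust memory, and try to parse what comes out. The HTTP wrapper, the JSON task layout and the field names `cmd` and `arg` are constructed assumptions for illustration only; the page says nothing about Milum's real framing, and this code does not claim to reproduce it.

```python
"""Carve and inflate zlib streams from a captured byte blob.

Added example, not code from the original page or from the Milum RAT.
The sample capture built below is constructed: the JSON task format and
the HTTP wrapper are assumptions, not Milum's actual protocol.
"""
from __future__ import annotations

import json
import zlib

# zlib headers: CMF 0x78 (deflate, 32 KiB window) followed by the FLG byte
# for the common compression levels. CMF*256 + FLG must be a multiple of
# 31, which is why only these four second bytes occur in practice.
ZLIB_MAGIC = (b"\x78\x01", b"\x78\x5e", b"\x78\x9c", b"\x78\xda")


def carve_zlib_streams(blob: bytes, max_out: int = 1 << 20) -> list[tuple[int, bytes]]:
    """Return (offset, inflated_bytes) for every complete zlib stream in blob.

    A candidate header is accepted only if zlib can inflate a complete
    stream starting at that offset; bytes that merely look like a header
    are skipped. max_out caps the inflated size: a stream that has not
    ended by then is discarded as a possible decompression bomb.
    """
    found: list[tuple[int, bytes]] = []
    i = 0
    while i < len(blob) - 1:
        if blob[i:i + 2] in ZLIB_MAGIC:
            d = zlib.decompressobj()
            try:
                out = d.decompress(blob[i:], max_out)
            except zlib.error:
                i += 1  # false positive: invalid deflate data
                continue
            if d.eof:
                found.append((i, out))
                # Jump past the bytes the stream actually consumed.
                i += len(blob) - i - len(d.unused_data)
                continue
            # Incomplete stream or size cap hit: treat as not a stream.
        i += 1
    return found


def extract_tasks(blob: bytes) -> list[dict]:
    """Inflate every carved stream and keep those that parse as a JSON
    object (the assumed task format of the constructed sample)."""
    tasks = []
    for _offset, raw in carve_zlib_streams(blob):
        try:
            obj = json.loads(raw.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            continue
        if isinstance(obj, dict):
            tasks.append(obj)
    return tasks


def build_sample_capture() -> bytes:
    """Constructed sample: a JSON task compressed with zlib, preceded by a
    fake HTTP response line and a decoy header (0x78 0x9c followed by a
    reserved deflate block type, so zlib rejects it), and followed by
    trailing filler bytes."""
    task = {"cmd": "execution", "arg": "whoami"}
    stream = zlib.compress(json.dumps(task).encode("utf-8"))
    return (b"HTTP/1.1 200 OK\r\n\r\n"   # 19 bytes of wrapper
            + b"\x78\x9c\x07\x07"        # decoy at offset 19
            + stream                     # real stream at offset 23
            + b"\xff\xff\xff")


if __name__ == "__main__":
    capture = build_sample_capture()
    for offset, data in carve_zlib_streams(capture):
        print(f"zlib stream at offset {offset}: {data!r}")
    print(extract_tasks(capture))
```

The size cap matters in practice: a hostile server can answer an analyst's replay with a few kilobytes that inflate to gigabytes, and `decompressobj.decompress(data, max_length)` is the stdlib way to stop that without reading the whole stream first.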

The Milum RAT can also uninstall itself as an anti-detection measure, or update itself, which may expand its capabilities. Victims are generally entities in the industrial sector, with Middle Eastern nations being WildPressure's preferred regional targets. Such details may not apply to future campaigns that leverage the Trojan under other threat actors, however.

Avoiding a Chance Meeting of Trojan Interests

While the Milum RAT's name translates as 'to meet' from Hindi, malware analysts have no tangible evidence of the identities of any of its previous or current operators. Workplaces, whether government, NGO or enterprise, should protect their networks with the usual guidelines: avoid weak passwords, disable RDP where it isn't needed and never expose it directly to the Internet, apply all software security updates, and limit administrative privileges to the accounts that require them. Infection vectors for the Milum RAT are likely to be e-mail-based, using links or attachments with lures tailored to the target.

The Milum RAT's payload doesn't differ in purpose from that of other RATs or backdoor Trojans that serve the interests of intelligence operatives (that is, spies). Despite its unoriginal features, the Trojan gives attackers highly invasive access to Windows systems, which is likely to expand into control over the rest of the network. Isolating compromised PCs from the rest of the network, and cutting their Internet access, is an essential post-infection step.

Professional, up-to-date anti-malware products should identify and delete the Milum RAT, particularly given its lack of updates in recent deployments. Removal does nothing, however, to recover passwords or other data the attacker may already have collected; any credentials used on the infected machine should be reset.

Heavy industry is big business for hackers, as the Milum RAT demonstrates, just like Lambert or the more sensational Enfal. For nations like Iran and Israel, computer networks are another battleground requiring just as ardent a defense.
