
RATVERMIN

Posted: April 16, 2019

RATVERMIN is a backdoor Trojan that can give remote attackers control over the system, including closing programs at will, downloading and launching files, and collecting information through various methods. As a stealth-oriented threat, it produces few symptoms of infection, although users can expect installation attempts that arrive through targeted e-mail messages. The proper response to this high-level threat is to disable network connectivity temporarily while uninstalling RATVERMIN with a high-grade anti-malware solution, and then to re-secure your confidential information.

A Rodent with Fangs that Bite Deep

Attacks against the Ukrainian military sector are showing that threat actors, regardless of the sensitivity of their targets, are keeping their dependency on e-mail as the primary path for breaching security. Current attacks leveraging RATVERMIN, a backdoor Trojan with the invasive features typical of its category, rely on recipients opening disguised attachments that pretend to be documents from Armtrac, a UK-based defense manufacturer. Completing the disguise, the message includes real Armtrac articles alongside the fake one.

The threat actors using RATVERMIN are an anti-Ukrainian group of hackers that has been operational since at least 2014. A transition from executables and RAR archives to LNK files shows their gradually growing sophistication in delivering threats to their targets, such as Ukrainian government networks, through increasingly obfuscated formats. RATVERMIN's installer in its most recent attack includes fake icons and extensions to complete its appearance of being a document.

While malware analysts see no particularly unusual or creative features in current releases of RATVERMIN, the backdoor Trojan is, nonetheless, highly invasive. It includes a keylogger feature for collecting keyboard input and the contents of the clipboard, can launch processes or force them closed, delete files, monitor audio and video devices such as microphones and webcams, and, of course, update itself. Threat actors are likely to supplement any limitations in its payload by using RATVERMIN to drop other threats, in turn.

The Proper Baiting of a RATVERMIN Trap

The Ukrainian basis of the campaigns using RATVERMIN as a weapon for compromising PCs shouldn't give users elsewhere any sense of relief. RATVERMIN is just as capable of providing threat actors with control over systems elsewhere, and there is a historical pattern of some criminals testing their Trojans in Ukraine before proceeding to other parts of the world. Besides that, the infection methods that RATVERMIN uses are ones that it shares with other threats, such as most families of file-locker Trojans.

Users could detect some RATVERMIN infection strategies by paying sufficiently close attention to the grammar errors and mismatched icon-to-extension formatting that its e-mail phishing lure uses. Newer campaigns may not offer the same tells, however. Victims should disable their network connections immediately to stop all C&C communications between the Trojan and the threat actor, and use a qualified anti-malware utility to uninstall RATVERMIN.
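The disguise described above, an LNK file wearing a document icon and extension, is something a mail gateway or an analyst can check for without trusting the displayed file name. The following Python is an added example, not code from this page or from any vendor, and it covers both the LNK-with-fake-extension delivery and the icon-to-extension mismatch mentioned earlier. It identifies a Windows shortcut by the Shell Link header (header size 0x4C followed by the LinkCLSID), reads the LinkFlags DWORD at offset 20, and flags shortcuts that carry a document extension, a custom icon, or embedded command-line arguments. The sample attachments are constructed in the script (a zeroed 76-byte header with only the magic and flags set, not a real shortcut); function names, the `DOCUMENT_EXTS` list and the verdict format are assumptions of this example.

```python
"""Flag e-mail attachments that are Windows shortcuts (.lnk) dressed up as documents.

Hypothetical defender-side checker (added example, not from the page or a vendor):
it decides the real file type from the Shell Link header instead of the file name.
"""
import struct

# ShellLinkHeader: HeaderSize (0x4C) followed by LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4C000000" "0114020000000000C000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) that matter for a disguised shortcut.
HAS_ARGUMENTS = 0x20       # command-line arguments are embedded in the shortcut
HAS_ICON_LOCATION = 0x40   # a custom icon overrides the target's own icon

# Extensions a lure typically borrows to look like a harmless document (assumed list).
DOCUMENT_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "txt", "rtf"}


def is_lnk(data: bytes) -> bool:
    """True when the content starts with a Shell Link header."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def lnk_flags(data: bytes) -> int:
    """LinkFlags is the little-endian DWORD at offset 20 of the 76-byte header."""
    return struct.unpack_from("<I", data, 20)[0] if len(data) >= 24 else 0


def assess_attachment(name: str, data: bytes) -> dict:
    """Return {'suspicious': bool, 'reasons': [...]} for one attachment."""
    reasons = []
    exts = name.lower().split(".")[1:]  # every extension after the base name
    if is_lnk(data):
        # Explorer never displays .lnk, so "brochure.docx.lnk" shows as "brochure.docx";
        # a shortcut whose final extension is not .lnk is hiding its type outright.
        if exts and exts[-1] != "lnk":
            reasons.append("shortcut content behind a non-.lnk name")
        if any(e in DOCUMENT_EXTS for e in exts):
            reasons.append("shortcut dressed up with a document extension")
        flags = lnk_flags(data)
        if flags & HAS_ICON_LOCATION:
            reasons.append("custom icon set (icon/extension mismatch likely)")
        if flags & HAS_ARGUMENTS:
            reasons.append("embedded command-line arguments")
    return {"suspicious": bool(reasons), "reasons": reasons}


def _fake_lnk(flags: int) -> bytes:
    """Constructed 76-byte header: magic plus LinkFlags, everything else zero."""
    header = bytearray(76)
    header[:len(LNK_MAGIC)] = LNK_MAGIC
    struct.pack_into("<I", header, 20, flags)
    return bytes(header)


# Constructed sample attachments (not real files from any campaign).
SAMPLES = {
    "brochure.docx.lnk": _fake_lnk(HAS_ARGUMENTS | HAS_ICON_LOCATION),
    "invoice.pdf": _fake_lnk(0),                          # shortcut with a plain .pdf name
    "quarterly_report.docx": b"PK\x03\x04" + b"\x00" * 60,  # genuine OOXML container start
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        verdict = assess_attachment(fname, blob)
        print(f"{fname}: {'SUSPICIOUS' if verdict['suspicious'] else 'ok'} {verdict['reasons']}")
```

Because the check keys off the header rather than the name, renaming the lure or changing its icon does not defeat it; the flags are only reported as supporting indicators, since legitimate shortcuts can also set a custom icon.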

RATVERMIN is a comprehensive package of data-ferrying features that users can fight most easily before it gets aboard their systems. This simple truth is one that this backdoor Trojan shares with most of its kind, whether they're simple or sophisticated enough to threaten a military network.
