SectopRAT

Posted: November 21, 2019

SectopRAT is a newly spotted Remote Access Trojan that appears to be a work in progress: some of its modules are empty or unfinished, and some of its functions do not work yet. Even so, it already includes features that make it a serious threat to users who have not taken the necessary measures to protect their computers from unwanted intruders.

The primary feature of SectopRAT appears to be its ability to spawn a second 'explorer.exe' process that is invisible to the user. This creates a secondary desktop that the attackers can control remotely without alerting the victim, which may allow them to carry out a range of actions on the compromised computer, such as browsing the Web, browsing files, and accessing system settings and features. The RAT can also spawn a new Web browser instance, but this module has one major flaw: it uses hardcoded directories to launch Mozilla Firefox, Google Chrome or Internet Explorer. If the victim did not install the browser in its default path, this part of the RAT may fail to function.

SectopRAT Creates a Stealthy Secondary Desktop Environment

The other commands SectopRAT supports relate to the second desktop environment it creates: the threat relays mouse and keyboard events, giving the attacker full control over that desktop. The threat can also update itself, disconnect from the compromised host, and collect computer information automatically. Last but not least, the operators can change the Command & Control server's address quickly.
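As an added example that is not part of the original article, the following Python routine applies the behaviour described above (a second, hidden 'explorer.exe' shell) to process-creation telemetry from a defender's side. The event fields, the list of expected shell parents and the sample events are all constructed assumptions for illustration.

```python
"""Triage process-creation events for a second Windows shell in one logon session.

A normal interactive session has one explorer.exe, started by userinit.exe
(or winlogon.exe). A second explorer.exe, especially one launched by an
unexpected parent, matches the hidden-desktop behaviour described above.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    session: int   # logon session id
    user: str
    image: str     # full path of the created process
    parent: str    # full path of the parent process
    pid: int


# Assumed set of parents that legitimately start the shell.
EXPECTED_SHELL_PARENTS = {"userinit.exe", "winlogon.exe"}

# Constructed sample telemetry (not real logs). The third event mimics a
# shell spawned by a fake updater dropped in the user's Temp folder.
SAMPLE_EVENTS = [
    ProcEvent(1, "alice", r"C:\Windows\explorer.exe", r"C:\Windows\System32\userinit.exe", 1200),
    ProcEvent(1, "alice", r"C:\Program Files\Mozilla Firefox\firefox.exe", r"C:\Windows\explorer.exe", 2200),
    ProcEvent(1, "alice", r"C:\Windows\explorer.exe", r"C:\Users\alice\AppData\Local\Temp\flashplayer_update.exe", 3100),
    ProcEvent(2, "bob", r"C:\Windows\explorer.exe", r"C:\Windows\System32\userinit.exe", 4000),
]


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious_shells(events):
    """Return (pid, reasons) for explorer.exe launches that look like a hidden second shell."""
    shells_per_session = defaultdict(list)
    for ev in events:
        if basename(ev.image) == "explorer.exe":
            shells_per_session[ev.session].append(ev)

    flagged = []
    for shells in shells_per_session.values():
        for index, ev in enumerate(shells):
            reasons = []
            if index > 0:
                reasons.append("second explorer.exe in the same session")
            if basename(ev.parent) not in EXPECTED_SHELL_PARENTS:
                reasons.append(f"unexpected parent {basename(ev.parent)}")
            if reasons:
                flagged.append((ev.pid, reasons))
    return flagged


if __name__ == "__main__":
    for pid, reasons in find_suspicious_shells(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```

Real telemetry (for example Sysmon event ID 1) carries the same fields, so the same logic can be pointed at exported logs; a single benign hit, such as a user restarting the shell, still deserves a look at the parent.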

Cybersecurity researchers identified several different SectopRAT samples uploaded to a file-scanning service, so the author may be testing the waters to see how well anti-virus products detect the program. One of the samples used an Adobe Flash Player icon, which suggests the attacker plans to distribute SectopRAT disguised as an Adobe Flash Player updater or installer.

To minimize your chances of encountering SectopRAT, be careful about the websites you browse and avoid downloading files from unreliable sources. Of course, the best cybersecurity improvement is to install a reputable anti-malware service.