
Taidoor RAT

Posted: August 4, 2020

Newly discovered malware is not necessarily new: high-profile threat actors often manage to keep their tools under the radar for years, and this is precisely the case with the Taidoor RAT, a Remote Access Trojan (RAT) that was described in an August 2020 report from US government agencies including the Federal Bureau of Investigation (FBI). According to that report, the earliest traces of the Taidoor RAT's activity date back to 2008, and the malware has been used in multiple campaigns over the past decade. The report also states that the threat is likely operated by Chinese government hackers.

Taidoor RAT Works on Both x86 and x64 Architectures

The Taidoor RAT samples that malware researchers were able to recover came in two separate variants: one built for x86 systems and one targeting 64-bit systems. Apart from the changes required to run on each architecture, the two versions were otherwise identical.

The Taidoor RAT is able to operate in fileless mode by using a Dynamic Link Library (DLL) file that serves as a loader. The malicious DLL decodes the Taidoor RAT payload and loads it directly into the computer's memory, so the RAT itself is never written to disk as a separate file, which minimizes the footprint the attack leaves behind.

This malware implant is not as advanced as some of the more popular commercial Remote Access Trojans, but that is no surprise. The operators of the Taidoor RAT do not use it for large-scale attacks; instead, they focus on covert operations, and their approach has clearly worked, since the Taidoor RAT remained largely unknown for over a decade of activity. Despite its limited feature set, the RAT is still able to perform important tasks on the compromised system:

  • Access and modify the Windows Registry.
  • Fetch running processes and services and manage their execution.
  • Send remote commands.
  • Read the Windows Event Log.
  • Write, delete, and download files.
  • Look for specific filenames or formats.

Judging by the Taidoor RAT's set of features, it is clear that the implant is used for data theft and long-term espionage. Individuals and companies can protect themselves from the Taidoor RAT by investing in reputable anti-malware software and by strengthening the security policies of their firewall service.
