
Vermin RAT

Posted: July 23, 2018

The Vermin RAT is a Remote Access Trojan that gives its threat actor remote access to the infected PC, which enables control over the file system and the potential theft of information. Campaigns using this Trojan employ installation exploits with fake-document tactics tailored to valuable targets in Ukraine. Strong anti-malware protection is advisable for deleting the Vermin RAT before it compromises your PC or your privacy.

The Next Documented Rodent is Appropriately-Named

While threat actors launch campaigns around the world, some nations, such as Ukraine, attract their interest more often than others. The region appeals to the operators of both for-profit threats, such as the VevoLocker Ransomware, and sabotage or espionage-related software like CrashOverride. Recent sources confirm the continuation of that historical trend with the Vermin RAT, a Remote Access Trojan that sometimes deploys alongside, or as an alternative to, the previously-analyzed Quasar RAT.

The Vermin RAT is a .NET Framework-based threat that includes a re-launching Scheduled Task for its system persistence and uses code that malware experts note is mostly unique. The installation exploits in the Vermin RAT's campaigns, which seemingly originate from a single criminal individual or team, may disguise the executable with document-themed names associated with work reports or document-reading software, and are specific to Ukrainian-language victims.

Depending on the presence or absence of AV software, the Vermin RAT may or may not drop its keylogger component for recording keyboard input. Like other RATs, it also uses a network C&C connection for remote control purposes, such as downloading or uploading activity. Other commands that malware experts emphasize the Vermin RAT supports include:

  • The Vermin RAT may monitor the system for specific tasks or memory processes being open.
  • The Vermin RAT may close other programs as specified at will.
  • The Vermin RAT may rename the files or folders on your PC.
  • The Vermin RAT includes both screen-capturing and audio (such as microphone-recording) spyware features for collecting data, as separate features from its keylogging module.

Pest Control for Your Computer

The Vermin RAT runs on Windows PCs regardless of their language settings, thanks to an error in its self-terminating function. However, its campaigns currently attack only high-value targets inside of Ukraine. Users at risk should monitor any e-mail attachments and Web links for content that resembles an infection vector, such as fake fuel supply reports or certificate request prompts. Unusually, most Trojan droppers for the Vermin RAT rely on disguised icons and file names, rather than real documents, for their distribution.
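A mail-gateway style check for the disguise described above, added here as an example that is not from the original article or from any vendor's tooling: it flags attachments whose content is a Windows executable whatever the name claims, and notes .NET assemblies, since the Vermin RAT is .NET-based. The extension list, finding labels and function names are assumptions, and `fake_pe()` builds constructed header bytes, not a real sample.

```python
import struct
from pathlib import PurePath

DOC_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf"}  # assumed list

def pe_info(data: bytes):
    """Return None if data is not a PE image, else {'dotnet': bool}."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]         # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 26:
        return None
    opt = pe + 24                                         # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        return None
    dirs = opt + (96 if magic == 0x10B else 112)          # data directory table
    clr = dirs + 14 * 8                                   # entry 14: CLR header
    if len(data) < clr + 8:
        return {"dotnet": False}
    count = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, clr)
    return {"dotnet": count > 14 and rva != 0 and size != 0}

def triage(filename: str, data: bytes):
    """Return findings for one attachment; an empty list means not flagged."""
    info = pe_info(data)
    if info is None:
        return []
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    findings = ["pe-executable"]
    if info["dotnet"]:
        findings.append("dotnet-assembly")
    if suffixes and suffixes[-1] in DOC_EXTS:
        findings.append("document-extension-on-executable")
    elif any(s in DOC_EXTS for s in suffixes[:-1]):
        findings.append("double-extension")
    return findings

def fake_pe(dotnet: bool) -> bytes:
    """Constructed sample: header bytes only, not a runnable program."""
    buf = bytearray(0x40 + 24 + 224)
    buf[:2], buf[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x40)               # e_lfanew
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x10B)               # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)             # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", buf, opt + 96 + 14 * 8, 0x2008, 0x48)
    return bytes(buf)
```

Because the decision is made on file content, an executable carrying a document icon and a plain `.exe` name is still reported as `pe-executable`.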

Malware researchers are, as usual, finding no symptoms associated with the long-term presence of Vermin RAT infections, which are stealth-based with minimal footprints. The Vermin RAT's attacks date back to at least 2015, but industry-wide analyses of this threat are recent. Updating your anti-malware program's threat database may be critical for the accurate and safe removal of the Vermin RAT before it harms your PC.

Ukraine is a region of great interest to certain threat actors both politically and financially. Whether the Vermin RAT's author's motive is money or influence matters less than whether or not its victims can protect their networks better than previously.
