
WSH RAT

Posted: June 17, 2019

WSH RAT is a backdoor Trojan and Trojan downloader that grants control of the system to remote attackers and drops other threats onto your PC. Although it's a JavaScript-based port of the older H-Worm or Houdini Worm, it includes additional features and a spyware-specialized payload for collecting information. Users should disable network connections and uninstall the WSH RAT with suitable anti-malware tools as soon as they suspect infection.

A Scripting Tool that's Hosting Trojans

The Windows Script Host, a component present in every version of Windows from 98 onward, is being subverted as part of a campaign that retools an old Trojan into a new, for-hire one. The WSH RAT abandons the original H-Worm or Houdini Worm's use of Visual Basic in favor of JavaScript but keeps all of the features and even obscure formatting characteristics, like the Command & Control structure and the use of garbled Base64. It is, however, more than just a straight port, as its attendant marketing campaign makes known to other criminals on the Dark Web.

While any criminal could rent the WSH RAT and deploy it in the manner of their choosing, its first attacks use phishing e-mail messages with fake bank customer information. The attached files contain links to corrupted ZIP archives that hold the Trojan's installer, supposedly as 'bank details' PDF documents. The WSH RAT's first stages include contacting a remote server for instructions and files, and it may utilize any of the previous features of the H-Worm, such as a hibernation function, downloading additional content, or closing other programs' memory processes without your consent.

Malware experts also emphasize new additions to the WSH RAT, including third-party modular support and an array of different startup options for its system persistence. Its payloads are, for now, deploying spyware: threats that collect keyboard input, as well as your Web-browsing and e-mail content. The WSH RAT is compatible with most versions of Windows, ranging from XP up to the present-day Windows 10.

Wishing Bad RATs Away from Your Computer

While disabling Internet connectivity is a valuable step in stopping the WSH RAT from acting on any commands or uploading collected data, it doesn't stop all of the data-scouring activity, which has some new support for offline-mode attacks. Its packaged spyware functionality includes support for various Web browsers, such as Chrome, Internet Explorer, Edge, and Opera, all of which it may ransack for their passwords. Users should protect their information accordingly, and remain offline until they have total confirmation of the PC's disinfection.

The WSH RAT is unusually cheap for a Trojan of its breadth of features, at only fifty USD in Bitcoins for any criminal who hires the thirty-day version. This accessibility could make it available to many criminals with different scams and exploits at their disposal. Users should, however, maintain an especially acute awareness of the risks of e-mail attachments, particularly ones carrying financial or workplace-related themes that are traditional hallmarks of phishing attacks. Up-to-date anti-malware solutions should be removing the WSH RAT, as well as its Trojan droppers, on sight.
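As an added example (not part of the original article), the following Python check shows how a mail gateway or analyst could inspect a ZIP attachment for the kind of lure described above: a Windows Script Host script posing as a document. The decoy-extension list and the sample archive are assumptions constructed for illustration; the article does not state the installer's actual file name or extension.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows Script Host runs by default (wscript.exe / cscript.exe).
WSH_SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf"}
# Assumption: document types a lure might imitate; extend to match local mail policy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def audit_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each archive member that WSH would execute."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise: Windows ignores trailing dots/spaces and is case-insensitive.
            name = info.filename.replace("\\", "/").rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in WSH_SCRIPT_EXTS:
                continue
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                reason = "script with decoy document extension"
            else:
                reason = "script file in mail attachment"
            findings.append((info.filename, reason))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive; the member contents are inert placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bank details.pdf.JS", "// placeholder")
        zf.writestr("docs/statement.pdf", "%PDF-placeholder")
        zf.writestr("notes/readme.txt", "hello")
        zf.writestr("tools/update.wsf", "<job></job>")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in audit_zip(build_sample_zip()):
        print(f"{member}: {reason}")
```

The check reads only the archive's directory listing and never extracts or runs a member, so it is safe to apply to quarantined attachments.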

The WSH RAT proves that old magicians can learn new tricks that are certain to frighten any audience. When trusting a strange attachment is your stock response to an unexpected e-mail, your reward for that faith may be nothing more than a Trojan's latest update.
