XtremeRAT
Posted: January 30, 2014
| Field | Value |
|---|---|
| Ranking | 2,692 |
| Threat Level | 1/10 |
| Infected PCs | 2,907 |
| First Seen | January 31, 2014 |
| Last Seen | October 16, 2023 |
| OS(es) Affected | Windows |
XtremeRAT is a backdoor Trojan often used against Middle Eastern targets, including the PCs of branches of the Israeli government and Syrian political activists. Although its usage is relatively widespread, XtremeRAT is rarely spread indiscriminately; its attacks are often tied to attempts to compromise sensitive PCs in locations that would particularly benefit enterprising ill-minded persons or even opposing nations. New XtremeRAT attacks have been confirmed by other sources, and malware researchers warn that e-mail attachments are the most likely means of acquiring an XtremeRAT infection.
The Little RAT that's Just the Start of More Problems
XtremeRAT is best known for its spyware-related capabilities, which allow it to steal privileged information from the computers it infects. That is a particularly unpleasant proposition, given the sensitive nature of the machines often targeted by XtremeRAT's distributors. However, XtremeRAT, like most Remote Access Trojans, may also be configured for other attacks, and recently has been found installing additional types of threats onto infected computers belonging to the Israeli government. The remote connection exploited by XtremeRAT uses the same open port that is often used by instant messaging programs: port 1863.
While the criminals behind XtremeRAT's attacks have been happy to use different means of distributing it, many of the most prominent and recent XtremeRAT attacks have relied on corrupted e-mail messages. The most recent of these messages carried Hebrew text related to the departed Prime Minister, Ariel Sharon, albeit with an improper translation, and installed XtremeRAT through fake PDF files that were actually misnamed EXE (executable) files. As usual, malware researchers can point to distracted PC users trusting improperly labeled file types as one of the most direct ways of compromising a PC with a high-level threat.
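A check for the delivery trick described above, as an added example that is not part of the original article: it walks the attachments of an e-mail message and flags any whose file name carries a document extension while the content is a Windows PE executable. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions a recipient would read as "document" (assumed list, extend as needed).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}

def is_pe(data: bytes) -> bool:
    """True when data starts with a DOS 'MZ' header whose e_lfanew field
    (offset 0x3C) points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def flag_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment whose name carries a
    document extension while its content is a Windows executable."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Look at every suffix so "invoice.pdf.exe" is caught as well as "report.pdf".
        doc_exts = DOC_EXTS.intersection(
            s.lower() for s in PurePosixPath(name).suffixes)
        if doc_exts and is_pe(data):
            findings.append((name, f"PE content behind {sorted(doc_exts)[0]} name"))
    return findings

# Constructed sample data: a minimal PE-shaped stub and a minimal PDF header.
PE_STUB = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
REAL_PDF = b"%PDF-1.4\n%%EOF\n"

def build_sample() -> bytes:
    """Constructed message with two disguised executables and one real PDF."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for name, body in [("report.pdf", PE_STUB), ("invoice.pdf.exe", PE_STUB),
                       ("minutes.pdf", REAL_PDF)]:
        m.add_attachment(body, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in flag_attachments(build_sample()):
        print(f"{name}: {reason}")
```

The check keys on file content rather than on the declared MIME type or the file name, since both of those are chosen by the sender.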
The Right Pesticide for an XtremeRAT
Because XtremeRAT may receive commands for a range of different attacks through its Command & Control server, there's no way to point to individual symptoms or problems that are certain to arise from XtremeRAT infections. However, an XtremeRAT infection is always equivalent to turning your keyboard and mouse over to criminals, and having your privileged information collected through stealth attacks like keylogging is usually to be expected. Removing XtremeRAT, as with all sophisticated types of threats, requires the use of equally sophisticated anti-malware tools, supported by all relevant security strategies available.
XtremeRAT also should be detectable by these same anti-malware tools, particularly if you scan suspicious e-mail attachments prior to opening them (which malware analysts always would encourage). Some of the known aliases of XtremeRAT include BKDR_BREUT.A and Trojan:Win32/Meroweq.A, and XtremeRAT may be identified, with equal accuracy, either as a backdoor Trojan or a RAT. Compromised PCs should have all passwords and other sensitive information modified or re-secured, as is appropriate, once XtremeRAT has been removed.