
XtremeRAT

Posted: January 30, 2014

Threat Metric

Ranking: 2,692
Threat Level: 1/10
Infected PCs: 2,907
First Seen: January 31, 2014
Last Seen: October 16, 2023
OS(es) Affected: Windows


XtremeRAT is a backdoor Trojan often used against Middle Eastern targets, including PCs belonging to branches of the Israeli government and to Syrian political activists. Although XtremeRAT is in relatively wide use, it rarely is spread indiscriminately; its attacks often are tied to attempts to compromise sensitive PCs whose contents would benefit enterprising criminals or even rival nations. New XtremeRAT attacks have been confirmed by other sources, and malware researchers warn that e-mail attachments are the most likely means of acquiring an XtremeRAT infection.

The Little RAT that's Just the Start of More Problems

XtremeRAT is best known for its spyware-related capabilities, which allow it to steal privileged information from the computers it infects – a particularly unpleasant proposition, given the sensitive nature of the machines its distributors often target. However, XtremeRAT, like most Remote Access Trojans, may also be configured for other attacks, and recently has been found installing additional types of threats onto infected computers belonging to the Israeli government. The remote connection XtremeRAT uses runs over the same open port that instant messaging programs often use: port 1863.

While the criminals behind XtremeRAT's attacks have used a variety of means to distribute it, many of the most prominent and recent XtremeRAT attacks have relied on corrupted e-mail messages. The most recent of these messages carried Hebrew text about the late Prime Minister Ariel Sharon, albeit poorly translated, and installed XtremeRAT through fake PDF files that actually were misnamed EXE (executable) files. As usual, malware researchers can point to distracted PC users trusting improperly-labeled file types as one of the most direct ways a high-level threat ends up compromising a PC.
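The lure described above, an executable renamed to look like a PDF document, is caught by checking what the bytes say rather than what the file name claims. The following is an added example written for this page, not code from the original article; the sample bytes and the file names are constructed here to exercise the check, and the thresholds and verdict names are this example's own choices.

```python
import struct

PDF_MAGIC = b"%PDF-"   # every PDF starts with this header
MZ_MAGIC = b"MZ"       # DOS stub that begins every Windows PE executable


def sniff_type(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name entirely."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data.startswith(MZ_MAGIC) and len(data) >= 0x40:
        # A real PE stores the offset of its "PE\0\0" signature at 0x3C.
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
        return "mz-dos"
    return "unknown"


def classify_attachment(filename: str, data: bytes) -> dict:
    """Compare the type the name claims with the type the content reveals.

    Only the disguised-executable pattern is flagged; a plain .exe that
    admits to being an executable is left for other policy to decide.
    """
    name = filename.lower()
    claimed = name.rsplit(".", 1)[-1] if "." in name else ""
    actual = sniff_type(data)
    reasons = []
    if actual == "pe" and claimed != "exe":
        reasons.append(f"executable content under .{claimed or '(none)'} extension")
    if actual == "pe" and ".pdf" in name:
        reasons.append("PE file posing as a PDF document (double extension or renamed)")
    if claimed == "pdf" and actual != "pdf":
        reasons.append("claims to be a PDF but lacks the %PDF header")
    verdict = "block" if reasons else "allow"
    return {"file": filename, "claimed": claimed, "actual": actual,
            "verdict": verdict, "reasons": reasons}


# Constructed sample: a minimal PE skeleton (MZ stub, e_lfanew -> "PE\0\0" at 0x40).
FAKE_PDF_BYTES = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
# Constructed sample: the first bytes of a genuine PDF.
REAL_PDF_BYTES = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n"

if __name__ == "__main__":
    for fname, blob in [("news_article.pdf.exe", FAKE_PDF_BYTES),
                        ("news_article.pdf", FAKE_PDF_BYTES),
                        ("news_article.pdf", REAL_PDF_BYTES)]:
        print(classify_attachment(fname, blob))
```

The same check belongs at the mail gateway or in a sandbox pre-filter, where it runs before a user ever sees the icon the file name is trying to fake.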

The Right Pesticide for an XtremeRAT

Because XtremeRAT may receive commands for a range of different attacks through its Command & Control server, there is no set of individual symptoms or problems that is certain to arise from an XtremeRAT infection. However, an XtremeRAT infection is always equivalent to handing your keyboard and mouse over to criminals, and having your privileged information collected through stealth attacks such as keylogging is usually to be expected. Removing XtremeRAT, as with all sophisticated types of threats, requires equally sophisticated anti-malware tools, supported by all relevant security strategies available.

XtremeRAT also should be detectable by these same anti-malware tools, particularly if you scan suspicious e-mail attachments before opening them (which malware analysts always would encourage). Some of the known aliases of XtremeRAT include BKDR_BREUT.A and Trojan:Win32/Meroweq.A, and XtremeRAT may be identified, with equal accuracy, either as a backdoor Trojan or as a RAT. Once XtremeRAT has been removed, all passwords and other sensitive information on the compromised PC should be changed or otherwise re-secured, as appropriate.

Technical Details

Additional Information

The following URLs were detected:
getfileconvertor.org