
Researchers Find Aggressive RAT Trojan Infections Spreading Like Wildfire

Posted: March 24, 2015

Cybercrooks have long been proponents of specially designed tools and resources that enable them to orchestrate attacks on computer systems and servers around the world. Today, there is no reason for a cybercrook to conjure up their own malware every time, which is why certain organizations have created a growing number of njRATs (Remote Access Trojans or Remote Access Tools), or variations of the njworm malware, which allow attackers to control infected devices.

The RATs were developed in .NET and allow attackers to gain control over an infected system. Their capabilities include recording keystrokes on the system, downloading files, executing files and programs, stealing login credentials, accessing a system's connected webcam and microphone, and accessing desktop items remotely. The possibilities granted through the use of sophisticated RATs are nearly endless.

With RAT Trojan infections spreading like wildfire recently, it is worth asking how effective such malware is. Researchers have uncovered how aggressive recent RAT infections are in their ability to use new methods to evade detection and spread.

No-IP domains, which belong to a dynamic DNS provider, were used in most cases of njRAT detected by Microsoft in 2014. Development of njRATs has been limited, but because security researchers have noticed a major increase in njRAT infections on computers, we may be witnessing a major uptick in abuse of No-IP.com's services by njRAT operators.

H-Worm infections, known for sharing a common code base among systems employed in the international energy industry, have been exploited recently. These attacks, first initiated through spammed email attachments and malicious links, use VBS (Visual Basic Script) based RATs.

A total of 16 active variants of the H-Worm have been tracked by the security firm Zscaler. Additionally, Zscaler identified 20 dynamic DNS services abused by malware authors for command and control (C&C) communications. The H-Worm variants are emerging quickly, and the attempt by Microsoft to disrupt the C&C channel for the RAT culprit has led to evasive maneuvers by the malware authors. Those maneuvers continue to be the use of dynamic DNS services, which will inevitably allow the dangerous RAT infections to spread and continue to launch DDoS (Distributed Denial of Service) attacks, take control of infected computers, and carry out other malicious activities that could utterly disrupt systems or a whole organization.
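Because the C&C channels described above rely on dynamic DNS hostnames, defenders often review DNS query logs for lookups under such providers. The following is an added example, not code from the article, Zscaler or Microsoft; the suffix watchlist, the log format and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed watchlist of dynamic DNS suffixes (illustrative, not from the article);
# replace it with the providers relevant to your environment.
DDNS_SUFFIXES = ("no-ip.biz", "no-ip.org", "zapto.org", "ddns.net")

# Constructed sample DNS query log: "<time> <client> <qname> <qtype>"
SAMPLE_LOG = """\
2015-03-24T10:00:01 10.0.0.5 www.example.com A
2015-03-24T10:00:07 10.0.0.5 host1.no-ip.biz A
2015-03-24T10:01:07 10.0.0.5 host1.no-ip.biz. A
2015-03-24T10:02:07 10.0.0.5 HOST2.zapto.org A
2015-03-24T10:02:30 10.0.0.9 notddns.net A
2015-03-24T10:03:00 10.0.0.9 cam.ddns.net A
malformed line
"""

def ddns_suffix(qname):
    """Return the watchlist suffix that qname falls under, or None."""
    name = qname.rstrip(".").lower()  # normalize trailing dot and case
    for suffix in DDNS_SUFFIXES:
        # Match on a label boundary so "notddns.net" does not hit "ddns.net".
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None

def summarize(log_text):
    """Map client IP -> {hostname: query count} for dynamic DNS lookups."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip malformed lines
            continue
        _, client, qname, _ = fields
        if ddns_suffix(qname):
            hits[client][qname.rstrip(".").lower()] += 1
    return {client: dict(hosts) for client, hosts in hits.items()}

def clients_to_review(log_text, min_queries=2):
    """Clients whose total dynamic DNS queries meet the threshold."""
    summary = summarize(log_text)
    return sorted(c for c, h in summary.items() if sum(h.values()) >= min_queries)

if __name__ == "__main__":
    for client, hosts in summarize(SAMPLE_LOG).items():
        print(client, hosts)
```

A hit is a lead for review rather than proof of infection, since dynamic DNS also has legitimate uses.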

While researchers continue to uncover a potential epidemic of RATs spreading malware like wildfire, it is prudent to stay vigilant by keeping our computers' software updated and running the latest version of a trusted antivirus or antimalware application.
