RATDispenser Malware – A Stealthy Trojan Targeting Windows PC
With cybercrime on the rise, attackers are finding new ways to track specific victims and infect their devices with all sorts of malware. The most common way would be phishing emails, which TikTok profiles suffered from a while back.
Attackers have one goal behind such an attack: to steal information and gain control over the target devices. So, who discovered the campaign, and how does it operate? Find out in this comprehensive news article.
RATDispenser – Email, Infect, Control
Cybercriminals have always developed stealthier ways to take over their victims’ devices. The HP Threat Research team found the malware, and according to their report, it has an 11% detection rate.
It can easily evade security controls and deliver malware without the need to communicate with an actor-controlled server (it’s used as a first-stage malware dropper).
All the malware needs to run is for the user to double-click the attached file. You can check the image that HP provided in their report below:
According to HP, the loader will write a VBScript file to the %TEMP% folder. After that, it downloads the malware (RAT) payload.
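The behaviour described above (a VBScript file written to %TEMP% and then run) can be turned into a detection rule. The Python below is an added example, not code from HP's report or from this article. It assumes events are dicts using Sysmon field names (Event ID 11 FileCreate, Event ID 1 ProcessCreate), that %TEMP% resolves to the default per-user AppData\Local\Temp path, and that the script is run by the Windows Script Host; the function name and sample events are hypothetical and constructed.

```python
import ntpath
import re

# Assumption: per-user %TEMP% is the default ...\AppData\Local\Temp location.
TEMP_VBS = re.compile(r"\\appdata\\local\\temp\\[^\\]+\.vbs$", re.IGNORECASE)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries


def find_dropped_vbs_execution(events):
    """Return findings where a .vbs written to %TEMP% is later run by a script host.

    `events` is a time-ordered list of dicts using Sysmon field names:
      EventID 11 (FileCreate):    Image, TargetFilename
      EventID 1  (ProcessCreate): Image, CommandLine
    """
    dropped = {}   # lower-cased script path -> image of the process that wrote it
    findings = []
    for ev in events:
        if ev["EventID"] == 11 and TEMP_VBS.search(ev["TargetFilename"]):
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif ev["EventID"] == 1:
            host = ntpath.basename(ev["Image"]).lower()
            if host not in SCRIPT_HOSTS:
                continue  # e.g. an editor opening the file is not execution
            cmd = ev["CommandLine"].lower()
            for path, writer in dropped.items():
                if path in cmd:
                    findings.append({"script": path, "written_by": writer, "run_by": host})
    return findings


# Constructed sample events (not taken from the HP report).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\example.vbs"},
    {"EventID": 11, "Image": r"C:\Program Files\Editor\editor.exe",
     "TargetFilename": r"C:\Users\alice\Documents\notes.vbs"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'notepad.exe "C:\Users\alice\AppData\Local\Temp\example.vbs"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\example.vbs"'},
]

if __name__ == "__main__":
    for finding in find_dropped_vbs_execution(SAMPLE_EVENTS):
        print(finding)
```

Correlating the write with the later execution keeps the rule quieter than alerting on every .vbs file created under the Temp folder.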
RATDispenser – Hide & Conquer
HP used one of the most reliable virus detectors on the internet – VirusTotal. Unfortunately, the malware’s obfuscation techniques allowed it to avoid detection 89% of the time.
According to the company:
As we mentioned, RATDispenser distributed 8 different malware families. These include all of the following:
- Panda Stealer
For example, the Formbook malware family acts as a keylogger and information stealer. However, RATDispenser does not focus on distributing this type of malware.
In fact, the most frequently observed malware families were STRRAT and WSHRAT, which have typical RAT capabilities such as remote access, credential stealing, and keylogging features.
Phishing Enhanced – Download, Launch, and Dispense RATs
Distributing remote access Trojans (RATs) and information stealers through phishing emails has become a very popular way for attackers to target new victims.
HP found this malware and gave us everything we need to know about it. Now, it’s up to you to learn more in order to avoid such a predicament in the future.
Whenever you receive an email, make sure it comes from a legit source. If there’s even a 1% doubt, never click on any link. Visit the source manually. Stay safe.