Malware Monday: Sneaky RATs!!

See Why RAT (Remote Access Trojan) Viruses Are Truly Disgusting and Aren’t Going Away Anytime Soon!


Hello fellow techies! Once again we are back with our weekly Malware Monday, this time covering the disgusting RAT (Remote Access Trojan) virus. RAT viruses have a lot of different tools available that would make anyone fear their installation! We will take a look at how different these nasty viruses are from other malware types and at actual attacks using them!


What a RAT virus is and how it threatens you!

The Remote Access Trojan, known to most as the RAT virus, is one of the most feared security threats in the online world! The main reason behind the big scare is the number of privacy-degrading tools available to an attacker using it. These dangerous tools include webcam viewers, keyloggers, and even bandwidth utilizers that use the victim’s own bandwidth for illegal activity! Once attackers have access to the victim’s computer with this tool, they can sit back and monitor the victim in any way they want. It’s pretty much unbothered admin access!

Remote Access Trojans work their way into your system disguised inside a “shell” program that appears to be something harmless, and are then deployed using social engineering tactics. These sneaky viruses can also be packaged with downloads from shady websites, such as cracked applications or free unlocked games. Your best defense against RATs is to stay wary of what you download and the emails you come across, as you never know which click could lead to the sneaky install!


New “Dev Popper” RAT targets software developers!

You might want to think about that next job application you click if you are a software developer! There are reports of a new Python RAT dubbed “Dev Popper” that lures software developers into a fake job interview and tricks them into installing it through “job-related” tasks. The attackers use the immense pressure and distraction of the job interview to get the victim to fall for this. Analysts from Securonix are pointing fingers toward North Korea in their full analysis of the RAT virus.

It should also be mentioned that North Korea has been at the center of attention for these specialized job application attacks in previous reports. Securonix has confirmed this RAT software has the following capabilities: persistent connection, file system explorer, remote system command, specialized data extractors for personal information, and a keylogger to log every keystroke the user makes! Going forward, if you are a software developer, make sure to keep security in the back of your head during those job interviews, as it could very well lead to the extraction of your personal data if you are not careful!

Chinese “Noodle” RAT worming through Windows and Linux!

A new cross-platform RAT virus has made its way onto the world stage. Trend Micro found the dirty “evolution” of an older malicious RAT dubbed “Gh0st RAT”. Trend Micro has stated the Noodle RAT is “..not merely a variant of existing malware, but is a new type altogether.” The cybersecurity research group had focused their efforts on attacks in the Asia-Pacific region and found that all had the same backdoor being used!

Noodle RAT Timeline from Trend Micro

While the Noodle RAT is capable of penetrating both major OS types, each variant only works on its own platform: the Windows “Noodle” variant can only penetrate Windows, and the Linux “Noodle” variant can only penetrate Linux. If you thought that was bad enough, these variants also have different purposes. The Windows variant uses a loader disguised as a safe app to launch its contents and deploy its attack on PCs, while the Linux variant is equipped to breach Linux servers by deploying its attack on vulnerable public-facing applications!

Criminals behind these acts have been mostly based out of China. The Chinese government has honed the Noodle RAT as one of their best cybercrime tools. These attacks on the Asia-Pacific region from China have been linked to their government’s corporate cybercrime campaign. Tools like the Noodle RAT software are commonly sold all across private and government sectors of China!

Thank you everyone for tuning into this edition of Malware Monday and, most importantly, staying informed on cybersecurity! Stay subscribed to learn more about new cybersecurity events and technology! Check out our social media pages and also tell us how you feel about this article. We love to hear from you!
