Tag

Remote Access Trojan

All articles tagged with #remote access trojan

cybersecurity · 2 years ago

"Quasar RAT: Flying Under the Radar with DLL Side-Loading"

The Quasar RAT, an open-source remote access trojan, has been observed using DLL side-loading to evade detection and steal data from compromised Windows hosts. The malware disguises itself as legitimate files, such as ctfmon.exe and calc.exe, to exploit the trust placed in them by the Windows environment. By leveraging DLL side-loading, the trojan executes its own payloads by planting spoofed DLL files. The attack begins with an ISO image file containing renamed binaries, which initiate the loading of malicious code concealed within a disguised DLL file. The trojan establishes connections with a remote server to send system information and enables remote access to the compromised endpoint. The initial access vector used by the threat actor is unclear, but phishing emails are a likely dissemination method. Users are advised to be cautious of suspicious emails, links, and attachments.

cybersecurity · 2 years ago

QwixxRAT: A New Windows RAT Spreads Through Telegram and Discord

A new remote access trojan (RAT) called QwixxRAT is being sold on Telegram and Discord platforms. The malware stealthily collects sensitive data from Windows machines and sends it to the attacker's Telegram bot, providing unauthorized access to the victim's information. QwixxRAT is designed to harvest various data, including web browser histories, credit card information, and files. It incorporates anti-analysis features and a clipper to access sensitive information from the clipboard. The RAT's command-and-control is facilitated through a Telegram bot, allowing for additional data collection and control over the infected host. This discovery follows the disclosure of other RAT strains and a campaign using compromised sites to distribute a remote administration software tool.

cybersecurity · 2 years ago

Beware: Android App Secretly Records Users' Lives.

An Android app called "iRecorder - Screen Recorder" was found to have been secretly recording audio and sending it to an unknown location after being "trojanized" with malicious software during an update. The malware, known as AhRat, is a remote access trojan that can be used to remotely access victims' phone data and send it to outside developers. While it's unclear who or what was controlling this latest version of AhMyth, past generations have been used for cyberespionage. The app has since been removed from Google Play.