RAT malware spreading in Korea through webhards and torrents
An ongoing malware distribution campaign targeting South Korea disguises RATs (remote access trojans) as an adult game shared via webhards and torrents. Attackers take easily accessible malware like njRAT and UDP RAT and wrap it in a package that looks like a game or other program, which is then downloaded from the web. WebHard is a popular online storage service in Korea, preferred primarily for the convenience of direct downloads. Users end up on these websites through Discord or social media posts, but popular storage repositories also enjoy a steady stream of daily visitors thanks to the content shared on them.
ASEC analysts report that threat actors are now using webhards to distribute a UDP RAT disguised as a ZIP file containing an adult game. Once extracted, the archive contains a “game.exe” launcher, which is the UDP RAT malware. While running, game.exe deletes a RAT containing Themida and becomes hidden, while it subsequently creates a new Game.exe file that runs the actual game, convincing the victim that everything is fine. For this campaign, ASEC has been unable to sample any of the additional payloads, so the feature is either being preserved for future deployment or is only used intermittently.
RATs give hackers remote access to your computer
If you’ve ever had to call technical support for a PC, you probably know the magic of remote access. When remote access is enabled, authorized computers and servers can control everything that happens on your PC.
A RAT is a type of malware that is very similar to legitimate remote access programs.
The main difference, of course, is that RATs are installed on a computer without the user’s knowledge. Most legitimate remote access programs are designed for technical support and file-sharing purposes, while RATs are designed to spy on, hijack, or destroy computers.
Like most malware, RATs are grafted onto legitimate-looking files. Hackers can attach a RAT to a document in an email or to a large piece of software, such as a video game. Advertisements and malicious web pages can also contain RATs, but most browsers prevent automatic downloads from websites or warn you when a site is unsafe.
Unlike some malware and viruses, it is difficult to know when you’ve downloaded a RAT. Generally speaking, a RAT does not slow down your computer, and hackers do not always betray themselves by deleting your files or moving your cursor around the screen. In some cases, users are infected with a RAT for years without noticing anything abnormal. But why are RATs so secret? And how are they useful to hackers?
How does a remote access Trojan work?
Like other forms of malware, Remote Access Trojans are typically attached to what appear to be legitimate files, emails, or preinstalled software. However, it has recently been observed that these dangerous threat actors quickly change exploitation techniques when their methods are discovered and publicly exposed. What makes a RAT particularly dangerous is the fact that it mimics trusted remote access applications. You won’t know it’s there once it is installed, because it doesn’t appear in a list of active programs or running processes. Why? Because it is more beneficial for hackers to stay out of sight and avoid getting caught. If you do not take the proper security measures, you may have a Remote Access Trojan on your computer for a long time without it being detected.
Unlike keylogging, a type of virus that logs keystrokes on a user’s keyboard without the victim realizing it, or ransomware, which encrypts all data on a PC or mobile device, blocking the owner’s access to data until a ransom is paid, Remote Access Trojans give attackers complete administrative control over the infected system, as long as they are not observed. As you can imagine, this type of activity can lead to tricky situations. For example, if a RAT is associated with a keylogger, it can easily obtain login information for financial and personal accounts. To make matters worse, attackers can stealthily activate a computer’s camera or microphone, access private photos and documents, or use your home network as a proxy server to commit crimes anonymously.
Who is targeted?
Creating remote access Trojans that can evade detection is a meticulous process, which means that it is often more profitable for hackers to use them against larger targets like governments, businesses, and financial institutions. But they don’t stop there. The administrative access provided by Remote Access Trojans allows cybercriminals to wipe hard drives, download illegal and classified information, or even impersonate someone else on the Internet.
These actions can have geopolitical implications. If attackers succeed in installing remote access Trojans in, for example, power plants, traffic control systems, or telephone networks, they can gain powerful control over them and even destroy communities, towns, cities, and nations. In this regard, we remember the 2008 war between Russia and Georgia, when Russia used a coordinated campaign of physical and cyber warfare to capture the territory of the neighboring Republic of Georgia.
How to Protect Yourself from RAT Malware
1. Never download anything from unreliable sources
It sounds simple or obvious, but it is the most effective way to prevent your system from getting infected with a Remote Access Trojan. Do not open email attachments from people you don’t know (or even from people you know if the message seems wrong or suspicious in some way), or from unreliable websites. Additionally, always make sure that your browsers and operating systems are patched and up to date.
2. Keep your antivirus software up to date
Home and small business networks can often benefit from antivirus software like our Heimdal™ Threat Prevention. If you are new to our product, Heimdal™ Threat Prevention is designed to protect customers from attacks, such as malware and ransomware, that traditional antiviruses cannot detect. It can block different sources of malware infection such as malicious attachments, infected links that you may receive in your email, infected web pages, or malicious web applications which appear legitimate at first glance but which aim to spread ransomware. However, keep in mind that antivirus software won’t be very helpful if you actively download files and install programs that you shouldn’t.
3. Use intrusion detection systems
This is the most efficient option for large organizations. An intrusion detection system can be host-based (HIDS) or network-based (NIDS). A HIDS is installed on a specific device and monitors log files and application data for signs of malicious activity. A NIDS tracks network traffic in real time for suspicious behavior. Used together, the two create a security information and event management (SIEM) system, which can help block software intrusions that have escaped firewalls, antivirus software, and other security solutions.
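As an added example (not from ASEC or any product named here), the following sketch shows the kind of log correlation a HIDS rule could apply to the launcher behavior described at the top of this article: one process hides an executable, writes a new executable, and that new file is then started. The event schema, host names, and file paths are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical, simplified HIDS schema:
# (timestamp, host, event, acting process image, target path)
EVENTS = [
    ("2022-01-10T20:01:02", "pc-01", "process_start",
     r"C:\Windows\explorer.exe", r"C:\Users\kim\Downloads\pkg\game.exe"),
    ("2022-01-10T20:01:03", "pc-01", "set_hidden",
     r"C:\Users\kim\Downloads\pkg\game.exe", r"C:\Users\kim\Downloads\pkg\game.exe"),
    ("2022-01-10T20:01:04", "pc-01", "file_create",
     r"C:\Users\kim\Downloads\pkg\game.exe", r"C:\Users\kim\Downloads\pkg\data\Game.exe"),
    ("2022-01-10T20:01:05", "pc-01", "process_start",
     r"C:\Users\kim\Downloads\pkg\game.exe", r"C:\Users\kim\Downloads\pkg\data\Game.exe"),
    # Benign installer: writes and starts a program but hides nothing.
    ("2022-01-10T21:00:00", "pc-02", "file_create",
     r"C:\Users\lee\Downloads\setup.exe", r"C:\Program Files\App\app.exe"),
    ("2022-01-10T21:00:09", "pc-02", "process_start",
     r"C:\Users\lee\Downloads\setup.exe", r"C:\Program Files\App\app.exe"),
]

def find_launcher_swaps(events, window=timedelta(minutes=5)):
    """Return sorted (host, image) pairs for processes that hid an executable,
    wrote a new one, and had that new one started, all within `window`."""
    hid = defaultdict(list)      # (host, actor) -> times it hid an .exe
    wrote = defaultdict(list)    # (host, actor) -> (time, path) of .exe written
    started = defaultdict(list)  # (host, path)  -> times the path was started
    for ts, host, kind, actor, target in events:
        if not target.lower().endswith(".exe"):
            continue  # only executables matter for this rule
        when, actor, target = datetime.fromisoformat(ts), actor.lower(), target.lower()
        if kind == "set_hidden":
            hid[host, actor].append(when)
        elif kind == "file_create":
            wrote[host, actor].append((when, target))
        elif kind == "process_start":
            started[host, target].append(when)
    hits = set()
    for (host, actor), hide_times in hid.items():
        for written_at, path in wrote.get((host, actor), []):
            near_hide = any(abs(written_at - h) <= window for h in hide_times)
            ran = any(timedelta(0) <= s - written_at <= window
                      for s in started.get((host, path), []))
            if near_hide and ran:
                hits.add((host, actor))
    return sorted(hits)
```

Requiring all three steps from the same process image is what keeps the ordinary installer on pc-02 from being flagged.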