Security researchers have discovered a strain of malware tailored to avoid detection by anti-virus engines. Dubbed RATDispenser, the software delivers remote access trojans (RATs) and information stealers that can log a victim's keystrokes and even steal cryptocurrency information.
Protecting every edge to make hackers’ jobs harder, not yours
How to support and secure hybrid architectures
RATDispenser doesn't execute its own payload. Instead, it is a delivery system that installs other malware. The installed script deploys one of eight malware families, all of which are either RATs, key loggers, or information stealers. According to the report, four in five malware families detected were STRRAT and WSHRAT. These are RATs written in Java and VBS.
One of the most notable malware families delivered via the dropper was Panda Stealer. This is a fileless malware strain that targets cryptocurrency wallets. It steals private keys and records of past transactions, according to a separate Trend Micro report. It can also steal credentials from other services including NordVPN, Discord, and Telegram, while taking screenshots of the victim's system.
One step that RATDispenser frequently takes to fly under the radar is to drop, rather than download, its payloads. In 94% of detected cases, the program carries the payload with it. This enables it to decode and deliver the malware locally rather than downloading it over the network. That makes it harder for network monitoring software to spot.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing.
Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.