RATDispenser evades nine in ten anti-virus engines
Stealth malware deploys key loggers and information stealers
Security researchers have discovered a strain of malware tailored to avoid detection by anti-virus engines. Dubbed RATDispenser, the software delivers remote access trojans (RATs) and information stealers that can log a victim's keystrokes and even steal cryptocurrency information.
RATDispenser doesn't execute its own payload. Instead, it is a delivery system that installs other malware. The installed script deploys one of eight malware families, all of which are either RATs, key loggers, or information stealers. According to the report, four in five malware families detected were STRRAT and WSHRAT. These are RATs written in Java and VBS.
One of the most notable malware families delivered via the dropper was Panda Stealer. This is a fileless malware strain that targets cryptocurrency wallets. It steals private keys and records of past transactions, according to a separate Trend Micro report. It can also steal credentials from other services including NordVPN, Discord, and Telegram, while taking screenshots of the victim's system.
One step that RATDispenser frequently takes to fly under the radar is to drop, rather than download, its payloads. In 94% of detected cases, the program carries the payload with it. This enables it to decode and deliver the malware locally rather than downloading it over the network. That makes it harder for network monitoring software to spot.