New malware can bypass almost all antivirus products

A new JavaScript downloader is circulating that not only distributes eight different Remote Access Trojans (RATs), keyloggers, and information stealers, but can also avoid detection by most users' security tools, experts have warned.

Cybersecurity researchers at HP Wolf Security named the malware RATDispenser, noting that while JavaScript downloaders typically have a lower detection rate than other downloaders, this particular malware is more dangerous because it uses multiple techniques to evade detection.

"It is particularly concerning that RATDispenser is only detected by around 11% of antivirus systems, allowing this stealthy malware to be successfully deployed to victim endpoints in most cases," said Patrick Schlapfer, malware analyst at HP.

Schlapfer adds that RATs and keyloggers help attackers gain backdoor access to infected computers. The actors then generally use that access to help steal credentials for user accounts and, increasingly, cryptocurrency wallets, and in some cases they may even offer the access to ransomware operators.

Ratatouille

The researchers note that the chain of infection begins when a user receives an email containing malicious hidden JavaScript code. When run, the JavaScript writes a VBScript file, which in turn delivers the malware's payload before being erased.

Further investigation revealed at least three different RATDispenser variants over the last three months, for a total of 155 samples. While most of those samples were droppers, ten were downloaders that communicate over the network to retrieve a secondary stage of malware.

"The variety of malware families, many of which can be purchased or downloaded for free in underground markets, and the preference of malware operators to ditch their payloads, suggests that the authors of RATDispenser may be running a malware-as-a-service business model," say the researchers.
