RAT

Zscaler ThreatLabZ analysts have managed to locate a unique type of trojan that overwhelmingly seems to target cryptocurrencies.

In last week’s blog post, analysts from the cyber security firm reveal that they managed to identify a new remote-access trojan (RAT). This new RAT is able to take administrative control of the infected computer and scan its entire browsing history for activity involving crypto, social media, credit card usage and others.

This RAT has been dubbed Saefko and seems to be written in .NET. .NET is a software framework developed by Microsoft that is used to develop many different applications with many different functions.

This RAT allows attackers to do a lot of damage

RATs themselves are usually contracted when a user opens an email attachment or downloads an app or game that has been infected. Since most RATs enable administrative control over the infected computer, the attackers can do pretty much anything.

The attackers can log keystrokes to monitor user behavior, steal passwords and other confidential information, activate the webcam if one is available, take screenshots, format drives, delete files, spread fake information from the infected user’s social media profiles, and much more.

Zscaler’s recommendation is rather simple, but effective: “DO NOT, under any circumstances download or open files from sources you do not know or trust.”

Analysts from the cyber security firm also recommend that network admins should block unused ports and turn off unused services while also monitoring outgoing traffic.

Last week, it was reported that the Chinese government espionage cyber unit APT41 is going after cryptocurrency and video-game related businesses.

Researchers from the cybersecurity firm FireEye state that this Chinese government group is usually deployed in order to gather intelligence before major events like mergers, acquisitions or big political events.
