December 11, 2023

Security researchers have discovered a new remote access trojan (RAT) being advertised on Underground hacking network.Named T-RAT, the malware is available for only $45 via a Telegram channel,. Access to the infected machine will be grabbed at lighting high speed before it gets detected

It supports commands like, when typed inside the main chat window, allow the RAT owner to retrieve browser passwords and cookies, navigate the victim’s filesystem and search for sensitive data, deploy a keylogger, record audio via the microphone, take screenshots of the victim’s desktop, take pictures via webcam, and retrieve clipboard contents.

T-RAT owners can also deploy a clipboard hijacking mechanism that replaces strings that look like cryptocurrency and digital currency addresses with alternatives, allowing the attacker to hijack transactions for payment solutions like Qiwi, WMR, WMZ, WME, WMX, Yandex money, Payeer, CC, BTC, BTCG, Ripple, Dogecoin, and Tron.

The RAT can also run terminal commands (CMD and PowerShell), block access to certain websites, kill processes , and even disable the taskbar and the task manager.

Distribution vector remains unknown
For now, the threat from T-RAT is relative low. It usually takes a few months before threat actors learn to trust a new commercial malware strain.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d