Remote Access Trojans (RATs) are perhaps the most notorious threat when it comes to targeted attacks on governments and various business sectors.
That being said, one of the currently active RATs closely monitored by researchers has gone far beyond the boldest of expectations, with approximately 400,000 corporate and private targets on a global level.
The RAT in question is AlienSpy RAT. However, it has other aliases such as:
- Frutas;
- Unrecom;
- Sockrat;
- JSocket;
- jRat;
- Adwind.
The threat has been analyzed by Kaspersky researchers Vitaly Kamluk and Aleks Gostev, who recently attended the Security Analyst Summit in Tenerife and presented their findings.
What is there to know about the AlienSpy RAT? Well, a lot.
According to Kaspersky experts, the RAT has been deployed in malicious targeted attacks on at least 443,000 users and companies in the period 2013-2016. The numbers may still be growing, since the RAT remains active today. Calling it a RAT may therefore not be entirely accurate; malware of this kind is better described as a cross-platform threat. Another description that fits a RAT of AlienSpy’s proportions is a malware-as-a-service platform.
AlienSpy is based on JavaScript and, no surprise here, is distributed primarily via phishing campaigns, in malicious email attachments.
Once installed, AlienSpy can perform a range of malicious activities such as:
- Collecting keystrokes (keylogging capabilities);
- Stealing cached passwords;
- Harvesting data submitted through Web forms;
- Taking screenshots and even pictures;
- Recording video and sound;
- Transferring files silently to the attackers’ location;
- Collecting system information;
- Collecting VPN certificates;
- Taking over SMS systems in Android devices;
- Stealing keys for cryptocurrency wallets such as Bitcoin.
Furthermore, AlienSpy also has an option to chat with the victim, if such communication is needed.
It’s obvious that AlienSpy is a versatile and powerful tool that, thanks to its extensive weaponry, can cause great damage to its victims. There is one case, however, that stands out. In August 2015, the threat was associated with the death of Argentinian prosecutor Alberto Nisman.
AlienSpy RAT’s victims are found in various business sectors – finance, engineering, manufacturing, design, retail, shipping, telecom, and governments. Additionally, smaller campaigns have been registered against businesses in the sectors of education, healthcare, software, energy, media, and food production.