CYBER NEWS

Multi-Purpose AlienSpy RAT Attacks 400,000 International Victims

remote-access-trojan-sensorstechforumRemote Access Trojans (RATs) are perhaps the most notorious threat when it comes to targeted attacks on governments and various business sectors.

That being said, one of the currenlty active RATs closely monitored by researchers has gone way ahead of the boldest of expectations, with approximately 400,000 corporate and private targets on a global level.

The RAT in question is AlienSpy RAT. However, it has other aliases such as:

  • Frutas;
  • Unrecom;
  • Sockrat;
  • JSocket;
  • jRat;
  • Adwind.

The threat has been analyzed by Kaspersky researchers Vitaly Kamluk and Aleks Gostev who recently attended the Security Analyst Summit in Tenerife and presented their findings.

What is there to know about the AlienSpy RAT? Well, a lot.

According to Kaspersky experts, the RAT has been deployed in malicious targeted attacks on at least 443,000 users and companies in the period 2013-2016. The numbers may just be growing as we speak – the RAT is still active to this day and hour. Thus, calling it a RAT may not be appropriate enough – such malicious pieces are more of cross-platform malware threats. Another good description that fits RATs of AlienSpy’s proportion is malware-as-a-service platform.

More on RATs:
Moker RAT Bypasses Detection by VirusTotal
Trochilus RAT Attacks Governments

AlienSpy is based on JavaScript and, no surprise here, is distributed primarily via phishing campaigns, in malicious email attachments.

Once installed, AlienSpy can perform a range of malicious activities such as:

  • Collecting keystrokes (keylogging capabilities);
  • Stealing cached passwords;
  • Harvesting data submitted through Web forms;
  • Taking screenshots and even pictures;
  • Recording video and sound;
  • Transferring files silently to the attackers’ location;
  • Collecting system information;
  • Collecting VPN certificates;
  • Taking over SMS systems in Android devices;
  • Stealing keys for crypto currency wallets such as BitCoin.

Furthermore, AlienSpy also has an option to chat with the victim, if such communication is needed.

It’s obvious that Alien Spy is a versatile and powerful tool that, thanks to its extensive weaponry, can cause great damage to its victims. There is one case, however, that stands out. In August 2015, the threat was associated with the death of Argentinian prosecutor Alberto Nisman.

AlienSpy RAT’s victims are found in various business sectors – finance, engineering, manufacturing, design, retail, shipping, telecom, and governments. Additionally, smaller campaigns have been registered against businesses in the sectors of education, healthcare, software, energy, media, and food production.

donload_now_250
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...