New Malware Dropper Targets Windows Systems With Two RAT’s At Once

Windows users should now get ready for ‘Double Trouble’. Researchers have discovered a malware variant that targets Windows systems with not one, but two RATs at the same time. Both of these Trojans have become known in previous campaigns.

Malware Targets Windows With Two RATs

Researchers from Fortinet have discovered a malware dropper targeting windows systems with two trojans. The malware variant, as discovered, delivers two RATs to infect the target machine: RevengeRAT and WSHRAT.

In brief, the researchers found a VBScript code in the sample file that primarily serves as a malware dropper. The code generates another file “A6p.vbs”. Upon execution, “A6p.vbs” downloads another script file “Microsoft.vbs” from a remote server and saves it to the %TEMP% folder.

After some other activities, the code finally downloads the first Trojan RevengeRAT to the system. This Trojan then connects with two C&C servers to transmit the collected data from the infected device.

The attack then continues further where the same script downloads and executes another Trojan ‘WSH RAT’ which possesses more powerful malicious features.

The researchers have shared their findings and malware analyses in detail in their blog post.

Low Detection Rate

As described by the researchers, the new malware variant bears a low detection rate. It means the malware poses a threat to a large number of Windows devices, including those running robust antimalware programs.

Though, Virus Total shows a progressive increase in the number of security programs detecting this virus after Fortinet’s report. When the researchers shared their report, they could see 8 engines now detected this malware. However, at the time of writing this article, we could see 12 engines showing successful detection of this malware.

However, until more details surface online and proactive detection begins, users must remain cautious while opening any attachments, clicking on URLs, or downloading any apps from unknown/untrusted sources.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients