RAT Hides as Windows® and Yahoo!® Messenger
January 17, 2013
Download the full research paper: FAKEM RAT: Malware Disguised as Windows® Messenger and Yahoo!® Messenger
Attackers often use remote access Trojans (RATs), which typically have graphical user interfaces (GUIs) and remote desktop features such as directory browsing, file transfer, and the ability to take screenshots and activate the microphone and web camera of a compromised computer. Attackers often use publicly available RATs like Gh0st, PoisonIvy, Hupigon, and DRAT, as well as “closed-released” RATs like MFC Hunter and PlugX. Although the network traffic these RATs produce is easily detectable, attackers still use them successfully.
Attackers always look for ways to blend their malicious traffic with legitimate traffic to avoid detection. We found a family of RATs, which we call “FAKEM,” that makes its network traffic resemble various protocols. Some variants attempt to disguise their network traffic as Windows® Messenger and Yahoo!® Messenger traffic. Another variant tries to make the content of its traffic look like HTML. While the disguises these RATs use are simple and distinguishable from legitimate traffic, they may be just good enough to avoid further scrutiny.