
Researchers Identified A New Malware Which Bypasses Multiple AVs.

Cybersecurity researchers at HP Wolf Security named the malware RATDispenser and say it is especially dangerous because it employs numerous tactics to evade detection, on top of the fact that JavaScript downloaders normally have a lower detection rate than other downloaders.

Researchers have warned that a new JavaScript downloader is on the loose, capable not only of distributing eight different Remote Access Trojans (RATs), keyloggers and information stealers, but also of avoiding detection by the majority of security solutions.

Patrick Schlapfer, Malware Analyst at HP, stated that “It’s especially troubling to see RATDispenser being identified by only roughly 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in the vast majority of situations”.

RATs and keyloggers give attackers backdoor access to affected systems. The hackers normally use that access to siphon passwords for user accounts and, increasingly, bitcoin wallets; in certain situations they may even sell the access to ransomware operators.

The infection chain starts when a user receives an email containing malicious obfuscated JavaScript, according to the researchers. When the JavaScript runs, it writes a VBScript file that downloads the malware payload, before terminating.

Further investigation revealed that over the last three months there were at least three separate RATDispenser variants, totaling 155 samples. While the bulk of these samples were droppers, five were downloaders that communicated over the network in order to obtain a second stage of malware.
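The two-stage chain described above (script host runs a .js attachment, writes a .vbs, the .vbs is launched and may reach out for a second stage) is the kind of sequence endpoint telemetry can correlate. The following is an added example, not code from HP Wolf Security or from this article: a toy detector run over constructed process, file and network events, flagging the chain as a "downloader" when the dropped VBScript connects out and as a "dropper" otherwise. The event field names and sample paths are assumptions.

```python
# Added example: correlate script-host telemetry for a JS -> VBS -> download chain.
# Event schema (pid, image, cmdline, path, type) is an assumption, not a real EDR format.
import re
from collections import defaultdict

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def detect_js_to_vbs_chain(events):
    """Return one alert per script host that ran a .js and whose dropped .vbs was launched."""
    by_pid = {}                 # pid -> process_create event
    dropped = defaultdict(set)  # pid -> lowercase .vbs paths that process wrote
    online = set()              # pids that made an outbound connection
    for e in events:
        if e["type"] == "process_create":
            by_pid[e["pid"]] = e
        elif e["type"] == "file_create" and e["path"].lower().endswith(".vbs"):
            dropped[e["pid"]].add(e["path"].lower())
        elif e["type"] == "network_connect":
            online.add(e["pid"])
    alerts = []
    for pid, proc in by_pid.items():
        # Stage 1: a script host launched on a .js file (e.g. an email attachment)
        if proc["image"].lower() not in SCRIPT_HOSTS or not re.search(r"\.js\b", proc["cmdline"], re.I):
            continue
        # Stage 2: a script host later started on a .vbs that stage 1 wrote
        for child in by_pid.values():
            if child["image"].lower() not in SCRIPT_HOSTS:
                continue
            if not any(p in child["cmdline"].lower() for p in dropped[pid]):
                continue
            # Stage 3: network activity from the VBScript marks the downloader variant
            stage = "downloader" if child["pid"] in online else "dropper"
            alerts.append({"js_pid": pid, "vbs_pid": child["pid"], "stage": stage})
    return alerts

# Constructed sample telemetry; paths and addresses are not real RATDispenser artefacts.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 50, "image": "outlook.exe", "cmdline": "outlook.exe"},
    {"type": "process_create", "pid": 101, "ppid": 100, "image": "wscript.exe",
     "cmdline": 'wscript.exe "C:\\Users\\u\\Downloads\\invoice.js"'},
    {"type": "file_create", "pid": 101, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\tmp1.vbs"},
    {"type": "process_create", "pid": 102, "ppid": 101, "image": "wscript.exe",
     "cmdline": 'wscript.exe "C:\\Users\\u\\AppData\\Local\\Temp\\tmp1.vbs"'},
    {"type": "network_connect", "pid": 102, "dst": "203.0.113.10:443"},
    {"type": "process_create", "pid": 200, "ppid": 50, "image": "wscript.exe",
     "cmdline": 'wscript.exe "C:\\Scripts\\logon.vbs"'},  # benign logon script, not flagged
]

if __name__ == "__main__":
    for alert in detect_js_to_vbs_chain(SAMPLE_EVENTS):
        print(alert)
```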

Finally, the researchers concluded that “The range of malware families, many of which can be purchased or downloaded for free from underground marketplaces suggests that the creators of RATDispenser may be operating under a malware-as-a-service business model.”

For more cyber security news in crisp content, please follow our site via the Twitter handle @cyberworkx1 and the LinkedIn handle @linkedin.
