Spam emails delivering XtremeRAT

Socially engineered spam emails were used to spread a publicly available malware named Xtreme RAT. This malware is RAT (Remote Access Trojan) which allows hackers to remotely control/issue commands to a compromised machine. These malware usually works covertly on the compromised machines without being detected for long period of time. Researchers at RSA  obtained these spam emails which appear to target Spanish users. [1]

Xtreme RAT was available since 2010 as documented by FireEye . This malware was most likely being used by cyber espionage groups due to its functionalities as well as easy availability. This RAT allows an adversary to:

  • Interact with the compromised machine via a remote shell
  • Upload/download files on remote machine
  • Interact with the registry of compromised machine
  • Manipulate running processes and services
  • Capture screenshots
  • Record from connected devices, such as a webcam or microphone

Event date: 1 Aug 2017

Reference:

[1] https://community.rsa.com/community/products/netwitness/blog/2017/08/02/malspam-delivers-xtreme-rat-8-1-2017

[2] https://www.fireeye.com/blog/threat-research/2014/02/xtremerat-nuisance-or-threat.html

Leave a Reply

Your email address will not be published. Required fields are marked *