EnSilo - Moker RAT Moves Out Wildly Across the Internet


Infosecurity-magazine.com published news on 8th October, 2015, quoting security experts of Israeli cyber-security start-up enSilo as saying, "We have found a fresh Remote Access Trojan (RAT) in the wild dubbed Moker which is capable of taking complete control of the victim's computer".

According to enSilo, Moker is unique in its ability to bypass and disable security measures. This includes everything from security-dedicated measures like antivirus, sandboxing and virtual machines to built-in security enhancements of Windows like User Access Control (UAC).

According to enSilo's analysis, Moker targets Windows machines and can take control of the victim's machine. It does this by creating a new user account and opening an RDP channel to gain remote control of the victim's device, but it can also operate without a command and control (C&C) server and can receive its commands locally through a hidden control panel.

This means that a threat actor can also log in through something like a VPN using a user's legitimate credentials and operate the malware on the infected device, so Moker could be considered a "local access Trojan" or LAT.
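The new user account and RDP channel described above leave a trace that defenders can correlate in the Windows Security log. The following is an added example, not code from enSilo or from the quoted articles: it flags an RDP logon (event 4624, logon type 10) by an account that was created shortly beforehand (event 4720). The record layout, account names and IP addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records, shaped like Windows Security log events
# exported to JSON. Names and addresses are made up for this example.
SAMPLE_EVENTS = [
    {"time": "2015-10-07T09:00:00", "id": 4624, "TargetUserName": "alice",
     "LogonType": 10, "IpAddress": "10.0.0.5"},
    {"time": "2015-10-07T09:20:31", "id": 4624, "TargetUserName": "SVC_help",
     "LogonType": 10, "IpAddress": "203.0.113.7"},
    {"time": "2015-10-07T09:14:10", "id": 4720, "TargetUserName": "svc_help",
     "SubjectUserName": "WKS01$"},
    {"time": "2015-10-07T11:00:00", "id": 4720, "TargetUserName": "bob",
     "SubjectUserName": "helpdesk"},
    {"time": "2015-10-07T11:05:00", "id": 4624, "TargetUserName": "bob",
     "LogonType": 2, "IpAddress": "-"},
]

ACCOUNT_CREATED = 4720      # "A user account was created"
LOGON_SUCCESS = 4624        # "An account was successfully logged on"
REMOTE_INTERACTIVE = 10     # logon type used by RDP sessions


def new_account_rdp_logons(events, window=timedelta(hours=24)):
    """Return RDP logons by accounts created at most `window` earlier."""
    created = {}    # lower-cased account name -> creation time
    findings = []
    # Exports are not always ordered; uniform ISO timestamps sort as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        user = ev["TargetUserName"].lower()   # Windows account names ignore case
        if ev["id"] == ACCOUNT_CREATED:
            created[user] = when
        elif ev["id"] == LOGON_SUCCESS and ev.get("LogonType") == REMOTE_INTERACTIVE:
            born = created.get(user)
            if born is not None and when - born <= window:
                findings.append({"account": user,
                                 "created": born.isoformat(),
                                 "rdp_logon": ev["time"],
                                 "source_ip": ev.get("IpAddress")})
    return findings


if __name__ == "__main__":
    for hit in new_account_rdp_logons(SAMPLE_EVENTS):
        print(hit)
```

An established account logging on over RDP ("alice") and a new account logging on at the console ("bob") are both ignored; only the freshly created account that arrives over RDP is reported.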

Threatpost.com published news on 7th October, 2015, quoting Yotam Gottesman, a Senior Security Researcher of enSilo, as saying that Moker's detection evasion tactics include encrypting itself along with a two-step installation.

The RAT could become a real trouble-maker for users if it is implanted on a system. A cybercriminal could gain complete control of the system to take screenshots, sniff keystrokes and record online traffic, besides exfiltrating files. They could also force the malware to open new user accounts, amend security settings and inject malicious code during runtime on the system.

It is not clear exactly who is behind the malware. enSilo highlights that the RAT communicated with a server based in Montenegro, a tiny Balkan nation bordering Serbia and Kosovo, but admits that this was perhaps done to throw off law enforcement agencies and researchers.

Moker has not been spotted in VirusTotal, and to guard against it the firm suggested that organisations "block in real-time all maligned outbound communications, foil real-time maligned tampering of files and follow up on real maligned communicating/tampering attempts in trying to execute attack forensics".

» SPAMfighter News - 15-10-2015
