
RSA Finally Exposes ‘GlassRAT’, a RAT Running for Years

According to security company RSA, a previously unidentified RAT (remote access tool) named "GlassRAT" has now been exposed.

The Trojan, which enjoyed zero detection, seems to have been running covertly for 3 years, with evidence that it is being used in a highly prevalent targeted attack that concentrates on Internet users in China employed at corporations.

GlassRAT shows many of the typical signs of good, or at the very least extremely effective, malware design. The malware's installer is signed with a hijacked certificate belonging to a renowned and trusted publisher. Once the payload is delivered, the installer deletes itself. Once the payload is installed, the malicious DLL file remains undetected by anti-virus vendors.

It may be noted that GlassRAT's command-and-control (C&C) infrastructure showed a short-lived overlap with the C&C detected in malware campaigns disclosed during 2012 that attacked military and government agencies in the Pacific region.

In particular, GlassRAT was linked to the C&C hosting for the Mirage malware, which in turn is linked to the Mirage, PlugX and Magicfire malware that attacked the government of Mongolia and the military of the Philippines.

RSA states that the similarity in shared infrastructure suggests at least a probable slip in operational security by the GlassRAT perpetrators, if not actual infrastructure sharing. Threatpost.com reported this on November 23, 2015.

The organization from which the certificate was taken isn't known because RSA wouldn't reveal the name; however, the company does state that the certificate has been revoked. The certificate was used to digitally sign the malware's installer, which erases itself after pulling the RAT down onto the compromised computer. According to RSA, an unnamed software firm in Beijing has created an application with over 500m users whose name is identical to the one the RAT displays in the certificate window at the time of installation.

Meanwhile, Kent Backman, primary researcher for the investigation at RSA, says the malware is known to be very effective against big-budget multinational corporations. For years it remained undetectable to anti-virus software, with the possibility that, had it been widely deployed, it would have had less chance of bypassing anti-virus detection, Backman highlights. Threatpost.com reported this.

» SPAMfighter News - 11/30/2015
