RSA Finally Exposes ‘GlassRAT’ a RAT Running for Years

According to RSA the security company, an earlier unidentified RAT (remote access tool) named "GlassRAT" is now exposed.

The Trojan enjoying zero detection seems to have been running treacherously for 3-yrs, with evidence that it's getting utilized in one highly prevalent targeted attack that concentrates on Internauts in China employed at corporate houses.

GlassRAT utilizes plentiful typical indications of good, extremely effective for the minimum, malware creation. An installer of the malware is signed utilizing one hijacked certificate of one renowned and trustworthy publisher. Once the payload is delivered, the malware deletes itself. The payload when installed causes the malevolent DLL file to remain undetected to anti-virus firms.

It maybe noted that the command-and-control (C&C) infrastructure of GlassRAT has shown a short-interval similarity with the C&C detected within campaigns related to malicious software disclosed during 2012 which attacked the Pacific region's military and government agencies.

In particular, GlassRAT linked up with the C&C hosting for Mirage malware that in turn is linked up with Mirage, PlugX and Magicfire malware attacking the government of Mongolia and the military of Philippines.

RSA states the similarity within shared infrastructure suggests probable slippage of operational securities from GlassRAT perpetrators at least if not execution of infrastructure sharing. Threatpost.com reported this, November 23, 2015.

The organization from where the certificate was seized isn't known because RSA wouldn't reveal the name; however, the company does state that the certificate is annulled. With the said certificate the malware's installer is digitally authorized that erases itself having pulled down the RAT onto the hijacked computer. According to RSA, an unnamed software firm at Beijing has created one application which pulling along over 500m users has its name identical to the one the RAT uses within the certificate window at the time of installation.

Meanwhile, Primary Researcher Kent Backman for the investigation at RSA says, the malware is known to be very effective against big-budget multinational corporations. For years it remained undetectable to anti-virus software with the possibility that if it were to be even widely implemented it would have had fewer chances of bypassing anti-virus detection, Backman highlights. Threatpost.com reported this.

» SPAMfighter News - 11/30/2015