There’s a new JavaScript downloader on the prowl that not only distributes eight different Remote Access Trojans (RATs), keyloggers and information stealers, but is also able to bypass detection by a majority of security tools, experts have warned.
Cybersecurity researchers at HP Wolf Security named the malware RATDispenser, noting that while JavaScript downloaders typically have a lower detection rate than other downloaders, this particular malware is more dangerous since it employs several techniques to evade detection.
“It’s particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in most cases,” noted Patrick Schlapfer, Malware Analyst at HP.
Schlapfer adds that RATs and keyloggers assist attackers gain backdoor access to infected computers. The actors then usually use the access to help siphon credentials for user accounts, and increasingly cryptocurrency wallets, and in some cases might even hawk the access on to ransomware operators.
Ratatouille
The researchers note that the infection chain begins with a user receiving an email containing a malicious obfuscated JavaScript. When it runs, the JavaScript writes a VBScript file, which in turn downloads the malware payload, before deleting itself.
Further research revealed that there were at least three different RATDispenser variants over the last three months for a total of 155 samples. While a majority of these samples were droppers, ten were downloaders that communicated over the network to fetch a secondary stage of malware.
“The variety in malware families, many of which can be purchased or downloaded freely from underground marketplaces, and the preference of the malware operators to drop their payloads, suggest that the authors of RATDispenser may be operating under a malware-as-a-service business model,” believe the researchers.
Protect your computers with these best antivirus, and cleanse them with these best malware removal software
