CrossRAT

By GoldSparrow in Trojans

CrossRAT is a Remote Access Trojan that, as its name indicates, is a cross-platform threat: unlike the vast majority of threats, its attacks are not limited to computers running the Windows operating system. CrossRAT was developed by a group that is being called 'Dark Caracal'. CrossRAT was first observed in early January 2018. There are signs, however, indicating that development of CrossRAT started in Spring of 2017. CrossRAT is delivered as a JAR file, a Java executable. CrossRAT can infect computers across multiple operating systems, including Windows, MacOS, Linux and Solaris.

How CrossRAT is Being Delivered to the Victims of this Attack

CrossRAT is being delivered to victims through social engineering messages online. PC security researchers have observed CrossRAT being delivered to victims through targeted messages on Facebook and WhatsApp, particularly in groups and channels on these platforms. CrossRAT attacks have been detected all around the world and do not seem to be limited to one specific geographic location. CrossRAT is delivered through compromised websites where victims are convinced to download PDF files, which contain malicious macro scripts that download and install CrossRAT onto the victim's computer. PC security researchers have observed that the cybercrooks can also force victims to download and install CrossRAT through malicious redirect scripts on compromised websites.

How CrossRAT may be Used to Attack Computer Users

Victims of CrossRAT are prompted to download a JAR file named 'hmar6.jar'. This file recognizes the affected computer's operating system and then changes its settings so that CrossRAT runs automatically when the infected computer starts up. CrossRAT connects to its Command and Control servers to relay information about the infected computer and to receive commands to execute on it. The purpose of CrossRAT, as with most RATs, is to allow third parties to take over the infected computer and control it from a remote location. Using CrossRAT, outsiders can collect information, harass the victim, or install other malware. Because of this, computer users should take steps to protect their data from CrossRAT and other threats. These steps should include installing a strong anti-virus program and following other security practices.
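Because the JAR sets itself to run at startup on whichever operating system it finds, a defender can review autostart entries for commands that launch a JAR. The following is an added example, not code from this article or from CrossRAT; the three entry formats (XDG autostart .desktop file, macOS LaunchAgent plist, Windows Run-key value) are assumed to be the relevant locations, since the article does not name them, and all sample entries are constructed.

```python
import plistlib
import re
import shlex

JAR_ARG = re.compile(r"\.jar$", re.IGNORECASE)  # argument that names a JAR

def desktop_argv(text):
    """argv from the Exec= line of an XDG autostart .desktop file (Linux)."""
    for line in text.splitlines():
        if line.strip().startswith("Exec="):
            return shlex.split(line.split("=", 1)[1])
    return []

def launchagent_argv(data):
    """argv from a macOS LaunchAgent property list given as bytes."""
    plist = plistlib.loads(data)
    if "ProgramArguments" in plist:
        return list(plist["ProgramArguments"])
    return [plist["Program"]] if "Program" in plist else []

def run_key_argv(value):
    """argv from a Windows Run-key value; posix=False keeps backslashes."""
    return [tok.strip('"') for tok in shlex.split(value, posix=False)]

def jar_targets(argv):
    """JAR paths that appear as arguments of the autostart command."""
    return [arg for arg in argv if JAR_ARG.search(arg)]

# Constructed sample entries (not taken from a CrossRAT sample).
SAMPLES = {
    "linux-jar": desktop_argv(
        "[Desktop Entry]\nType=Application\n"
        "Exec=java -jar /home/user/.local/share/example.jar\n"),
    "linux-benign": desktop_argv(
        "[Desktop Entry]\nType=Application\nExec=/usr/bin/nm-applet\n"),
    "macos-jar": launchagent_argv(plistlib.dumps({
        "Label": "com.example.agent", "RunAtLoad": True,
        "ProgramArguments": ["java", "-jar", "/Users/user/Library/example.jar"]})),
    "windows-jar": run_key_argv(
        r'"C:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\user\AppData\example.jar"'),
}

def scan(samples):
    """Map each entry name to the JARs it would launch; drop clean entries."""
    hits = {name: jar_targets(argv) for name, argv in samples.items()}
    return {name: jars for name, jars in hits.items() if jars}

if __name__ == "__main__":
    for name, jars in scan(SAMPLES).items():
        print(name, "->", jars)
```

A hit only means that a JAR is launched at login; legitimate Java applications do this too, so each flagged path still needs to be checked.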

Protecting Your Computer from Malware Like CrossRAT

At this point, CrossRAT seems to be incomplete since not all of its features seem to be functional. CrossRAT only supports keylogging (tracking keystrokes on the infected computer) and file management on the infected computer. It is likely that CrossRAT will be updated to include other features common to most RATs. The best protection against threats like CrossRAT is to install a strong security program and ensure that it runs at all times and is always fully updated. Avoiding the typical distribution vectors associated with CrossRAT means that computer users will need to reevaluate how they handle email and online downloads. Education, combined with better online security practices, is just as important for protecting your computer from malware like CrossRAT as using strong security software like anti-virus programs and firewalls. One worrying aspect of CrossRAT is its ability to carry out attacks across platforms. Linux and MacOS users may believe that their computers are inherently safe from malware since the vast majority of malware is designed to infect computers running Windows. Therefore, they may not be as prepared to deal with or prevent CrossRAT attacks as users of the more common Windows operating system.

URLs

CrossRAT may call the following URLs:

jpebjfcfllmcdbanolmfllkoaeccahhd
