Kedi RAT

By GoldSparrow in Trojans

The Kedi RAT is malware that criminals can use to control a victim's computer from a remote location. RATs, or Remote Access Trojans, allow criminals to use a computer and access its contents automatically. The Kedi RAT was first observed in September 2017 and has been linked to various recent attacks in August 2018. There aren't any drastic differences between the Kedi RAT and other RATs. Typically, the breakthroughs in these attacks lie in how the threats are distributed and how they bypass the victim's security to install the Kedi RAT component. One unique aspect of the Kedi RAT, however, is how it communicates with its Command and Control servers. The Kedi RAT seems to use Gmail to send email messages to its operators.

How the Kedi RAT Attacks a Computer

The Kedi RAT is being distributed as a bogus version of Citrix, a utility that businesses use to maintain their workflow and manage their operations. Disguising malware like the Kedi RAT as something else, so that victims believe the files they receive are legitimate, is a typical method of carrying out attacks. The victims of the Kedi RAT attack will receive phishing emails supposedly containing an update for Citrix. When the victims open the supposed update, the Kedi RAT is installed on their computers.

How the Kedi RAT Attack Works

Once the Kedi RAT is installed on the victim's computer, it will make changes to the Windows Registry to ensure persistence and take over the victim's computer. The Kedi RAT has numerous features typically associated with other RATs. Some of the features that PC security analysts have observed in the Kedi RAT include:

  • The Kedi RAT can be used to open the victim's files, including encrypted data and password-protected files.
  • The Kedi RAT can be used to take screenshots of the infected computer, including pictures of the desktop and any open applications.
  • The Kedi RAT can run in the background to log any keystrokes on the infected computer's desktop, allowing it to intercept messages, passwords, and other sensitive, private data.
  • The Kedi RAT can be used to collect files, which can be uploaded to its Command and Control servers.
  • The Kedi RAT includes components that allow it to detect whether it is running in a virtual environment. If this is the case, the Kedi RAT will crash intentionally and delete itself to prevent PC security researchers from dissecting and studying its code.
  • The Kedi RAT is capable of collecting passwords and login credentials from many commonly used applications, which include Web browsers, email applications, FTP clients, instant messaging software and numerous others.

The trait of the Kedi RAT that is not commonly seen in other threats is its ability to use the HTML version of Gmail to communicate with its Command and Control servers through encrypted emails. Due to the Kedi RAT's obfuscation features and its features to avoid detection, it may be difficult to detect or remove the Kedi RAT threat.
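A defender-side hunt for the Gmail-based communication described above, as an added example that is not part of the original article: it flags processes other than approved browsers that connect to the Gmail web interface. The log format, machine names, file paths, the `mail.google.com` host set and the browser allowlist are constructed assumptions, not indicators taken from Kedi RAT samples.

```python
import csv

# Assumption: hostname serving the Gmail web interface as seen in your DNS/proxy logs.
GMAIL_WEB_HOSTS = {"mail.google.com"}

# Assumption: browsers are installed machine-wide at these paths. Matching the
# full path (not just the file name) stops a binary named chrome.exe in a
# user-writable folder from passing as a browser.
APPROVED_BROWSER_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files\mozilla firefox\firefox.exe",
}

# Constructed sample telemetry: timestamp, machine, process image, destination host.
SAMPLE_EVENTS = r"""
2018-08-14T09:12:01Z,WS-0142,C:\Program Files\Google\Chrome\Application\chrome.exe,mail.google.com
2018-08-14T09:12:40Z,WS-0142,C:\Users\alice\AppData\Roaming\example\example_updater.exe,mail.google.com
2018-08-14T09:13:05Z,WS-0107,C:\Program Files\Mozilla Firefox\firefox.exe,MAIL.GOOGLE.COM.
2018-08-14T09:15:22Z,WS-0107,C:\Windows\System32\svchost.exe,updates.example.com
2018-08-14T09:16:47Z,WS-0142,C:\Users\alice\AppData\Roaming\example\example_updater.exe,mail.google.com
2018-08-14T09:20:10Z,WS-0155,C:\Users\bob\AppData\Local\Temp\chrome.exe,mail.google.com
""".strip().splitlines()


def normalize_host(host):
    """Lower-case and drop a trailing dot so FQDN variants compare equal."""
    return host.strip().lower().rstrip(".")


def find_non_browser_gmail(lines):
    """Count Gmail web connections per (machine, image) made by non-browser images."""
    hits = {}
    for row in csv.reader(lines):
        if len(row) != 4:
            continue  # skip malformed records instead of guessing at fields
        _ts, machine, image, dest = row
        if normalize_host(dest) not in GMAIL_WEB_HOSTS:
            continue  # not Gmail web traffic
        if image.strip().lower() in APPROVED_BROWSER_IMAGES:
            continue  # expected: a user reading mail in an approved browser
        key = (machine, image)
        hits[key] = hits.get(key, 0) + 1
    return hits


if __name__ == "__main__":
    for (machine, image), count in sorted(find_non_browser_gmail(SAMPLE_EVENTS).items()):
        print(f"{machine}: {image} contacted Gmail web {count} time(s)")
```

Legitimate mail clients and sync tools may also reach Gmail, so treat hits as leads to triage and extend the allowlist for software you have verified.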

Protecting Your Computer from Threats Like the Kedi RAT

The best protection against threats like the Kedi RAT is to have the latest security patches for your operating system and applications. You should be aware of how phishing tactics work and be observant when opening unsolicited emails or clicking on potentially suspicious links. Paying attention to URLs and learning to spot anything that may be off about an online advertisement, a link, or an email can help computer users protect themselves from threats like the Kedi RAT. Of course, a security program that is always up to date can intercept threats like the Kedi RAT before they are installed and remove threats like the Kedi RAT from an infected computer.
