TorRAT Malware

The TorRAT malware is a remote access Trojan that is commonly associated with attacks on financial institutions. Like other remote access Trojans, the TorRAT malware is specifically designed to allow a third party to gain access to a computer from a remote location without the computer user's authorization. There's a recent wave of attacks which spread the TorRAT malware infections through malicious links on Twitter. According to reports received from affected computer users, hijacked Twitter accounts are used to share links that lead to attack websites that attempt to inject TorRAT malware into the victim's computer. If you have a reason to believe that your machine has been exposed to the TorRAT malware, ESG security researchers strongly advise to put into service an authentic anti-malware program to analyze your PC.

ESG malware researchers have dealt with the TorRAT malware before, mainly in attacks that use this dangerous remote access Trojan to target financial institutions. The first step in the campaign that is being used to disseminate the TorRAT malware involves using Man-in-the-Browser (MitB) tactics to infect computers through vulnerabilities in their Web browser. These kinds of attacks are particularly effective when the intent of the attack is to take over a victim's online banking account. However, in this case they are used to steal a victim's Twitter credentials. Once this occurs, the victim's Twitter account is used to disseminate malicious links that result in TorRAT malware infections. The main reason why this particular attack is so effective is because victims are essentially receiving links to the TorRAT malware from sources they trust; accounts that they follow on Twitter.

The Tactic of Distributing TorRAT Malware Through Twitter is Particularly Effective

Using Twitter to distribute the TorRAT malware makes this attack more effective than traditional spear phishing email messages because of the implied trust in following a Twitter account. More importantly, shortened URLs are used generally on Twitter because of Twitter's character limit. This means that computer users are less likely to be suspicious of a shortened malicious link since they certainly not will have a way of determining whether the link is malicious. Until they click on it. Clicking on a malicious link leads to a Java-based exploit that installs the TorRAT malware. This dangerous Trojan allows criminals to control the infected computer remotely, stealing sensitive information and using it to carry out further attacks.