TRat

By GoldSparrow in Trojans

tRat is a Remote Access Trojan (RAT), a type of malware used to gain access to an infected computer. tRat has been associated with TA505, a criminal group that has been responsible for various attacks. tRat carries out its activities via port 80, using encoded hex strings to communicate with its Command and Control servers. The group of criminals responsible for tRat was the perpetrator of some of the most important malware campaigns in recent memory, including Dridex in 2014 and the proliferation of the Locky Ransomware Trojan in 2016 and 2017. The tRat Trojan is one of the most widely used RATs in 2018, and attacks involving tRat have been observed in September and October of this year.
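The port 80 behavior described above can be turned into a simple network check. The following is an added example, not code from the original article or from any vendor: it flags port 80 flows whose first client payload is hex-encoded text instead of ordinary HTTP. The payload framing (raw hex, or hex carried as an HTTP body), the thresholds, the function names and the sample flows are all assumptions, since the article gives no protocol details.

```python
import re
import string

# HTTP/1.x request line: METHOD SP target SP HTTP/x.y CRLF
_HTTP_REQUEST = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/\d\.\d\r\n")
_HEX = frozenset(string.hexdigits.encode())

def hex_ratio(data: bytes) -> float:
    """Fraction of bytes that are ASCII hex digits (0-9, a-f, A-F)."""
    return sum(b in _HEX for b in data) / len(data) if data else 0.0

def classify_port80_payload(payload: bytes, min_len=32, min_ratio=0.95) -> str:
    """Classify the first client payload of a TCP flow to port 80.
    Returns 'http', 'hex-http-body', 'hex-raw' or 'other'."""
    if _HTTP_REQUEST.match(payload):
        body = payload.partition(b"\r\n\r\n")[2].strip()
        if len(body) >= min_len and hex_ratio(body) >= min_ratio:
            return "hex-http-body"   # valid HTTP, but the body is hex text
        return "http"
    stripped = payload.strip()
    if len(stripped) >= min_len and hex_ratio(stripped) >= min_ratio:
        return "hex-raw"             # not HTTP at all, just hex text
    return "other"

def flag_flows(flows):
    """flows: iterable of (src, dst, dport, payload). Return suspicious ones."""
    hits = []
    for src, dst, dport, payload in flows:
        if dport != 80:
            continue
        verdict = classify_port80_payload(payload)
        if verdict.startswith("hex"):
            hits.append((src, dst, verdict))
    return hits

# Constructed sample flows: documentation IP ranges, made-up payloads.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.7", "198.51.100.23", 80, b"4A7F00C3" * 8),
    ("10.0.0.8", "203.0.113.9", 80,
     b"POST /u HTTP/1.1\r\nHost: example.net\r\n\r\n" + b"0f" * 32),
    ("10.0.0.9", "192.0.2.44", 443, b"deadbeef" * 8),
    ("10.0.0.5", "192.0.2.10", 80, b"\x16\x03\x01\x02\x00\x01"),
]

if __name__ == "__main__":
    for hit in flag_flows(SAMPLE_FLOWS):
        print(hit)
```

A hit is a lead for triage, not a verdict: some legitimate software also posts hex-encoded data over port 80.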

Why You Should Avoid Being Infected by the tRat

The tactics used to distribute tRat have involved corrupted Microsoft Publisher files distributed as compromised spam email attachments. Once tRat is ready for use, it installs its corrupted files in the install folder associated with the Adobe Flash Player and creates a new entry for itself in the startup directory, which allows tRat to run automatically whenever the victim's computer starts up. A campaign initiated on September 27, 2018, has been associated with tRat, generally using social engineering techniques to trick victims into downloading and installing tRat onto their computers. Additional campaigns linked to tRat were observed on October 11, 2018, with very little to differentiate them from numerous other malware attacks. The tRat infection itself is relatively simple and consists of taking over the victim's computer and allowing the attackers to gain access to it from a remote location. Like many modular threats, tRat can be operated using a variety of modules, which can be used to enact various aspects of the tRat attack.

Some Details About the Modules Associated with a tRat Attack

Currently, PC security researchers have not been able to observe the modules used by tRat or intercept its communications. However, based on similar threats, it is likely that the modules associated with tRat can give it some of the following functions:

  • The modules associated with RATs like tRat can enable criminals to access the affected computer's file system, allowing them to delete, copy, or create new files on the infected computer. This can be used to collect data or install other malware on the infected computer.
  • The modules associated with RATs like tRat can enable criminals to monitor the infected computer. To do this, tRat can log keystrokes or take screenshots, which allows a criminal to collect passwords or other data from the infected computer.
  • Additionally, these modules can often allow the criminals to use threats like tRat to gain access to peripherals on the infected computer. Using these functions, the criminals can use the infected computer system to 'listen' through its microphone or to monitor it using its webcam. Additionally, these functions can be used to harass computer users.

The Effects and Implications of Attacks Like the tRat’s

PC security researchers have paid special attention to the tRat attacks because of their association with this particular criminal group, which has been closely associated with a variety of high-profile attacks. Furthermore, these attackers will often establish patterns or precedents that are then taken up by other criminal groups that continue in the same vein. The use of tRat points to a trend among other criminal groups of using loaders, password-collecting malware, and RATs to attempt to gain long-term profits through these attacks. This contrasts with the rise in recent years of ransomware and other malware that depends on a short-term or immediate return on the attack. These long-term attacks are particularly worrying since threats like tRat can often remain undetected on a computer for long periods of time.
