ApolloRAT

ApolloRAT, as its name suggests, is a Remote Access Trojan (RAT). The threat was created using the Python programming language and it is equipped with a large set of harmful functions. Like most threats of this type, ApolloRAT can provide the attackers with remote access to the breached device. Afterward, the hackers can proceed to execute arbitrary shell commands on the system, cause it to shut down or restart, and even trigger a critical system error.

Depending on the specific goals of the attackers, ApolloRAT can be instructed to collect vast amounts of data from the infected system. The gathered details may include the IP address, browsing history, Wi-Fi passwords, passwords extracted from the victim's browsers and more. The malware can also manipulate the file system by downloading additional files or uploading selected files, allowing the cybercriminals to deliver next-stage threatening payloads to the device or obtain sensitive and confidential data. ApolloRAT can also take screenshots, display messages or play text-to-speech audio. The threat actors can use ApolloRAT as part of phishing schemes, since the malware can display fake application interfaces or PDF documents.

It should be noted that ApolloRAT possesses several anti-detection techniques. First, it is compiled with the Nuitka source-to-source compiler, making reverse-engineering it far more difficult, as Nuitka is not a common choice among cybercriminals. The threat can scan for signs of being run inside a virtual environment, and it can disable Windows Defender and the Windows Firewall, as well as the Windows Task Manager. The use of the Discord messaging platform as the Command-and-Control (C&C) server further hinders detection of the malware, because its traffic blends in with legitimate Discord usage.
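One way to act on the Discord C&C observation above is to flag processes other than the Discord client or a browser that connect to Discord endpoints. This is an added example, not code from the page or from ApolloRAT; the process allowlist, the Discord domain list and the Sysmon-style network events are assumptions constructed for illustration.

```python
"""Flag network events in which a process outside an allowlist contacts Discord,
a starting point for spotting Discord-based C&C traffic. All events below are
constructed sample data, not real ApolloRAT telemetry."""
from collections import Counter

# Endpoints used by the Discord client, web app and API (assumption: extend as needed).
# Malware using Discord webhooks or the bot API as C&C reaches the same hosts.
DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discord.gg")

# Process images expected to reach Discord (assumption: adjust to the estate's inventory).
EXPECTED_IMAGES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed events modelled on Sysmon Event ID 3 (network connection) fields.
SAMPLE_EVENTS = [
    {"ts": "2023-05-01T10:00:01Z", "image": r"C:\Users\alice\AppData\Local\Discord\app-1.0.9\Discord.exe",
     "dst_host": "gateway.discord.gg", "dst_port": 443},
    {"ts": "2023-05-01T10:00:05Z", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dst_host": "discord.com", "dst_port": 443},
    {"ts": "2023-05-01T10:00:09Z", "image": r"C:\Users\alice\AppData\Roaming\updater.exe",
     "dst_host": "discord.com", "dst_port": 443},
    {"ts": "2023-05-01T10:00:15Z", "image": r"C:\Users\alice\AppData\Roaming\updater.exe",
     "dst_host": "cdn.discordapp.com", "dst_port": 443},
    {"ts": "2023-05-01T10:00:20Z", "image": r"C:\Windows\System32\svchost.exe",
     "dst_host": "update.microsoft.com", "dst_port": 443},
]

def is_discord_host(host: str) -> bool:
    """True for a Discord domain or any of its subdomains (exact suffix match on a label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DISCORD_DOMAINS)

def suspicious_discord_connections(events):
    """Return the events where a non-allowlisted process image contacts a Discord host."""
    hits = []
    for ev in events:
        image_name = ev["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if is_discord_host(ev["dst_host"]) and image_name not in EXPECTED_IMAGES:
            hits.append(ev)
    return hits

def summarize(hits):
    """Count flagged connections per process path so repeated beaconing stands out."""
    return Counter(ev["image"] for ev in hits)

if __name__ == "__main__":
    for path, n in summarize(suspicious_discord_connections(SAMPLE_EVENTS)).items():
        print(f"{n} connection(s) to Discord from unexpected process: {path}")
```

Allowlisting by image name alone is easy to defeat by renaming a binary, so in production pair this check with the process's code-signing status and its parent process.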
