ArrowRAT is a threatening Remote Access Trojan (RAT) that allows threat actors to perform numerous invasive actions on infected devices. The threat is offered for sale by its creators in a Malware-as-a-Service (MaaS) scheme. According to ArrowRAT's promotional message, cybercriminals can choose between three different subscription tiers: 1 month for $100, 3 months for $300 and lifetime access for $400.

Once established on the victim's device, ArrowRAT can open a hidden virtual desktop via its Hidden Virtual Network Computing (HVNC) component. Even attackers with minimal technical knowledge can use this feature to access multiple browsers (Chrome, Firefox, Edge, Brave) or email clients (Outlook, Foxmail, Thunderbird) on the infected systems. The cybercriminals can also access and collect the victim's saved passwords, browsing history or cookies. Passwords can be recovered from a wide range of browsers, with some examples including Amigo, Chromium, Comodo, Opera, Vivaldi and more.

ArrowRAT can be instructed to harvest system-related information, run keylogging routines, manipulate the file system and modify the startup items. The harmful features of the threat also include the ability to take control of attached microphones or video cameras. The cybercriminals will also be able to kill chosen processes, edit the system's Registry and run arbitrary CMD commands.

