BitterRAT
The BITTER hacking group is a crew of highly-skilled cybercriminals that are believed to originate from South East Asia. Malware researchers first spotted this APT (Advanced Persistent Threat) back in 2015, and they are still active to this day. Most of the victims of the BITTER hacking group are located either in Pakistan or in China.
Often Operates in Combination with the ArtraDownloader
One of the most commonly used tools by the BITTER APT is the BitterRAT. Usually, the BITTER hacking group tends to combine the BitterRAT with the ArtraDownloader. Theses two pieces of malware appear to be the most preferred tools in the hacking arsenal of the BITTER APT. The ArtraDownloader would serve as a first-stage payload, which would enable the attackers to plant the BitterRAT on the infected host. When this is completed, the operators of the BitterRAT will be able to take control of the compromised PC. Remote Access Trojans are formed of two parts - a server that is meant to be planted on the compromised system, and a client that can be used to control the server component.
Capabilites
The BitterRAT is able to:
- Download files.
- Upload files.
- Modify files.
- Delete files.
- Execute files.
- Browse files.
- Gain access to the webcam and microphone.
- Send remote shell commands.
- Enumerate drives.
- Take control over running software.
- Update itself.
- Delete itself.
However, 'BitterRAT's weakness is its lack of any self-preservation capabilities. This means that this hacking tool cannot obfuscate its code and is not able to detect whether it is being run in a malware-debugging system. Download and install a legitimate anti-malware application and use it to remove the BitterRAT from your system safely.
