BKDR_XTRAT.B
BKDR_XTRAT.B is a malware infection that was used in a recent attack against the Israeli police force. The attack began with a phishing email message sent from a spoofed address impersonating Benny Gantz, the head of the Israel Defense Forces. This dangerous email message carried the BKDR_XTRAT.B infection in an attached RAR archive. Once installed, this backdoor Trojan installs XtremeRAT, a remote access Trojan that allows a third party to gain access to the infected computer and control it from a remote location, much as a user sitting in front of the infected computer would. This is not the first time XtremeRAT has been used to attack computers in this part of the world; this remote access Trojan has also been used in attacks targeting Syrian activists.
BKDR_XTRAT.B Has Been Updated with New Features
Although XtremeRAT has been observed in previous attacks, ESG security researchers have observed new features added to this dangerous malware infection. These include the following:
- This version of XtremeRAT can now attack computers using the Windows 8 operating system.
- BKDR_XTRAT.B's ability to eavesdrop on audio and to clone the infected computer's desktop on the remote computer has been improved.
- BKDR_XTRAT.B now has better password stealing capabilities for Mozilla Firefox and Google Chrome. Criminals have also added Opera and Safari to the list of web browsers affected by BKDR_XTRAT.B's password stealing components.
- The developer of BKDR_XTRAT.B also delivers free updates to criminals using BKDR_XTRAT.B to attack computers.
The above 'features' are features that all remote access Trojans share, such as the ability to modify, delete and copy files on the infected computer or the capability to establish a connection to a specific URL.
XtremeRAT has some benign uses. For example, many computer users use XtremeRAT to gain access to their home computer when they are traveling or to assist with tech support. However, BKDR_XTRAT.B is a modified version of XtremeRAT that allows criminals to gain access to a computer without authorization. This is done by adding a backdoor to the attack. A backdoor is simply a term for an illegitimate opening in the security of the victim's computer. By using this backdoor, criminals can use XtremeRAT to steal information and to control the victim's computer from a remote location.
File System Details
| # | File Name | Detections |
|---|---|---|
| 1. | %System%\sethc.exe | |
| 2. | %User Temp%\Word.exe | |
| 3. | %Application Data%\Microsoft\Windows\jhfjgj.dat | |
| 4. | Report & Photos.rar | |

Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
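The file names listed above can be checked on a mounted disk image or triage copy of a Windows volume. The Python code below is an added example, not part of the original write-up or of any vendor tool; the function names are hypothetical, and it assumes the placeholders expand to the default Windows paths (%System% = Windows\System32, %User Temp% = AppData\Local\Temp and %Application Data% = AppData\Roaming under each user profile).

```python
import os
from pathlib import Path

# File names come from the table on this page. The placeholder expansions are
# assumptions (default Windows Vista-and-later layout), not stated on the page.
PLACEHOLDERS = {
    "%System%": ["Windows", "System32"],                          # machine-wide
    "%User Temp%": ["Users", "*", "AppData", "Local", "Temp"],    # per profile
    "%Application Data%": ["Users", "*", "AppData", "Roaming"],   # per profile
}
INDICATORS = [
    ("%System%", ["sethc.exe"]),
    ("%User Temp%", ["Word.exe"]),
    ("%Application Data%", ["Microsoft", "Windows", "jhfjgj.dat"]),
]
ARCHIVE = "Report & Photos.rar"  # listed on the page without a directory
# sethc.exe is also the name of the genuine Sticky Keys binary at that path,
# so a hit there calls for a signature or hash check, not an automatic verdict.
VERIFY_ONLY = {"sethc.exe"}

def resolve(base, parts):
    """Walk parts under base; names match case-insensitively, '*' matches any entry."""
    current = [Path(base)]
    for part in parts:
        found = []
        for directory in current:
            try:
                entries = list(directory.iterdir())
            except OSError:  # missing, unreadable, or not a directory
                continue
            found += [e for e in entries if part == "*" or e.name.lower() == part.lower()]
        current = found
    return current

def sweep(root):
    """Return sorted (status, relative path) findings for a volume mounted at root."""
    findings = []
    for placeholder, rel in INDICATORS:
        for hit in resolve(root, PLACEHOLDERS[placeholder] + rel):
            if hit.is_file():
                status = "verify" if hit.name.lower() in VERIFY_ONLY else "suspicious"
                findings.append((status, hit.relative_to(root).as_posix()))
    # The RAR attachment has no fixed location, so search every user profile.
    for dirpath, _dirs, files in os.walk(Path(root, "Users")):
        for name in files:
            if name.lower() == ARCHIVE.lower():
                findings.append(("suspicious", Path(dirpath, name).relative_to(root).as_posix()))
    return sorted(findings)
```

A "verify" result for sethc.exe only means the file exists where Windows normally keeps it; compare its signature or hash against a known-good copy before drawing a conclusion.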