Cotx RAT

Cotx RAT Description

Recently, malware researchers spotted several campaigns targeting government institutions located in the East Asian region. It is likely that the Chinese hacking group called TA428 is responsible for these attacks.

Propagation Method

The infection vector appears to be spear-phishing emails. The targeted government workers would receive an email with a ‘.doc’ or ‘.rtf’ attachment, which they are urged to open. If the user falls for this trick and attempts to open the attached file, the attackers will use a known vulnerability in the Microsoft Equation Editor to plant a threat on the user’s computer.

A Specially Crafted RAT

In some of the launched campaigns, the threat that was planted on the victim’s system was the Poison Ivy RAT (Remote Access Trojan). However, the attackers have, apparently, decided to diversify their attacks and develop a brand-new RAT that was specifically crafted for this operation – the Cotx RAT.

Gaining Persistence

Once the Cotx RAT infiltrates a system, it will tamper with the Windows Registry to gain persistence, ensuring that the threat will be run every time that the computer is rebooted. Once this step is completed, the Cotx RAT will contact the C&C (Command & Control) server of its operators. This is where the Cotx RAT receives commands from and where it siphons all the collected data.


The Cotx RAT has an impressive list of capabilities. Among them are:

  • Launching files.
  • Taking screenshots.
  • Viewing directories.
  • Viewing files.
  • Viewing installed applications.
  • Viewing running processes.
  • Terminating processes.
  • Reading, writing, copying and deleting files.
  • Halting the connecting with the C&C server.
  • Removing itself from the host.

Despite the attackers only targeting government employees in East Asia, for now, it is likely that they may decide to expand their reach and begin targeting regular users. It is important that you download and install a reputable anti-malware tool, which will keep your system secure from pests like the Cotx RAT.

Do You Suspect Your Computer May Be Infected with Cotx RAT & Other Threats? Scan Your Computer with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like Cotx RAT as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover*

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.