Frutas RAT

By GoldSparrow in Remote Administration Tools

A dangerous malware campaign that is being developed to target computers at high-profile organizations such as businesses and government institutions has been uncovered recently. Although it seems that Frutas RAT attacks are designed to target companies in Europe and Asia, the majority of Frutas RAT infections today occur in Mexico, with nearly 40% of attacks concentrated in this country. Prime targets of Frutas RAT infections include telecommunications and mining companies, financial institutions and government agencies.

How Frutas RAT Spreads from One Computer to Another

The Frutas RAT is being distributed using phishing email messages with tantalizing subject lines such as 'Obama Releases Three Declassified Spying Docs,' 'U.S. Consul General Hart Arrives in Hong Kong' or 'UK-Northern Ireland-Japan InfoSec Agreement', all of which are designed to target a specific type of victim. Once the victim opens the infected email message, the Frutas RAT is installed. This dangerous malware infection, officially known as Backdoor.Opsiness, is a malicious Java-based Trojan that may allow criminals to obtain thorough control over the infected computer.

Malicious email messages used to distribute Frutas RAT include two file attachments. One of them is a PDF document that may contain the news story in question. This PDF file acts as a decoy, to distract the victim while Frutas RAT is being installed in the background. The other file is a JAR file, which is actually a malicious Java program that is used to install Frutas RAT. When this malicious JAR file runs, Frutas RAT first gathers information about the infected computer, particularly its network and identifying data. Frutas RAT then establishes an unauthorized connection with its Command and Control server and sends this information to a third party.

The Potentially Harmful Components of Frutas RAT

Frutas RAT isn't really meant to be destructive. Rather, Frutas RAT gathers information that may then be used for more devastating malware attacks. However, Frutas RAT does include RAT functions that allow a third party to carry out tasks on the infected computer and even use it to perform DoS attacks. Frutas RAT gives criminals a distinct advantage in their operations, and the use of Frutas RAT in malware attacks targeting computers in the industries mentioned above has increased lately. Frutas RAT was developed by Spanish hackers and is currently being distributed through underground hacking forums.


