By Sumo3000 in Malware

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 19
First Seen: January 9, 2013
Last Seen: February 28, 2022
OS(es) Affected: Windows

HeartBeat is a malware infection currently classified by many PC security researchers as an Advanced Persistent Threat (APT). This dangerous Trojan infection has been used in targeted attacks against the government of South Korea as well as other institutions associated with the South Korean government. ESG security researchers have observed attacks involving HeartBeat since 2009 and suspect that this malware infection may have been active since even earlier. The main targets of HeartBeat include the following:

  • South Korean political parties.
  • Branches of the South Korean government.
  • The South Korean military.
  • South Korean media agencies.
  • A business that is a known supplier of the South Korean government.
  • An institute that researches South Korea's national policy.

The main tool used in this dangerous malware attack is a remote access Trojan, also known as a Remote Administration Tool (RAT). These are programs designed to control or gain admittance to a computer from an outside location. ESG security researchers have observed attacks involving the aforementioned RAT since 2009, with a particularly widespread attack since 2011. The HeartBeat RAT is distributed through malicious documents that are opened by victims of a social engineering attack. These documents tend to be included as email attachments and will often have two components; an actual document containing the advertised content (in order to dispel any suspicions) and the actual malicious component. Although this malicious document may be distributed through a number of channels, phishing email messages directed towards the targeted institutions are the most likely culprit.

The HeartBeat RAT uses a malicious DLL file that allows this malware's code to be injected into the infected computer's own file processes. When this element is accessed, the HeartBeat RAT connects to a remote server in order to receive commands and relay information on the infected computer. The HeartBeat RAT can be used to carry out the following tasks:

  • Detecting all running processes on the infected computer.
  • Receiving and installing updates.
  • Deleting or uploading files on the infected computer.
  • Allowing a third party to control the infected computer from a remote location.

One aspect of HeartBeat that makes the HeartBeat RAT unique is the fact that infected computers are then used as command and control hosts to subsequent infections, making it considerably more difficult than normal to detect the source of the HeartBeat attack.


HeartBeat may call the following URLs:


1 Comment

i ran the spyhunter malware scanner and it didnt show any virus. But in my startup task manger it showed the heartbeat virus running. ???? what should i do next? Thanks


Most Viewed