HeartBeat Description
Type: Adware
HeartBeat is a malware infection currently classified by many PC security researchers as an Advanced Persistent Threat (APT). This dangerous Trojan infection has been used in targeted attacks against the government of South Korea as well as other institutions associated with the South Korean government. ESG security researchers have observed attacks involving HeartBeat since 2009 and suspect that this malware infection may have been active even earlier. The main targets of HeartBeat include the following:
- South Korean political parties.
- Branches of the South Korean government.
- The South Korean military.
- South Korean media agencies.
- A business that is a known supplier of the South Korean government.
- An institute that researches South Korea's national policy.
The main tool used in this dangerous malware attack is a remote access Trojan, also known as a Remote Administration Tool (RAT). These are programs designed to control or gain access to a computer from an outside location. ESG security researchers have observed attacks involving the aforementioned RAT since 2009, with a particularly widespread attack since 2011. The HeartBeat RAT is distributed through malicious documents that are opened by victims of a social engineering attack. These documents tend to be included as email attachments and will often have two components: a genuine document containing the advertised content (in order to dispel any suspicions) and the malicious component itself. Although this malicious document may be distributed through a number of channels, phishing email messages directed towards the targeted institutions are the most likely culprit.
The HeartBeat RAT uses a malicious DLL file that allows this malware's code to be injected into the infected computer's own processes. When this element is accessed, the HeartBeat RAT connects to a remote server in order to receive commands and relay information about the infected computer. The HeartBeat RAT can be used to carry out the following tasks:
- Detecting all running processes on the infected computer.
- Receiving and installing updates.
- Deleting or uploading files on the infected computer.
- Allowing a third party to control the infected computer from a remote location.
What makes the HeartBeat RAT unique is that infected computers are then used as command and control hosts for subsequent infections, making it considerably more difficult than normal to detect the source of the HeartBeat attack.
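Because an infected machine's immediate command and control host may itself be another infected internal machine, an investigation has to follow the chain of hops before it reaches an outside address. The following Python code is an added example, not part of the original article or of any HeartBeat analysis: it flags internal hosts that behave as relays and traces a host's upstream path. The flow-record format, the 10.0.0.0/8 internal range, the known-server allowlist and every address are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
KNOWN_SERVERS = {"10.0.0.5"}  # assumed hosts that legitimately accept client connections

# Constructed flow records (source, destination, destination port); not real data.
FLOWS = [
    ("10.0.1.15", "10.0.1.22", 443),
    ("10.0.1.30", "10.0.1.22", 443),
    ("10.0.1.22", "10.0.2.7", 443),
    ("10.0.2.7", "192.0.2.50", 443),
    ("10.0.1.40", "10.0.0.5", 53),      # ordinary DNS to the internal resolver
    ("10.0.0.5", "198.51.100.1", 53),
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET

def upstream_map(flows, known_servers):
    """Map each internal source to the destinations it contacts, ignoring known servers."""
    up = defaultdict(set)
    for src, dst, _port in flows:
        if is_internal(src) and dst not in known_servers:
            up[src].add(dst)
    return up

def find_relays(flows, known_servers=KNOWN_SERVERS):
    """Internal hosts that accept connections from internal peers and also connect onward."""
    up = upstream_map(flows, known_servers)
    contacted = {dst for dsts in up.values() for dst in dsts if is_internal(dst)}
    return sorted(host for host in contacted if up.get(host))

def trace_to_origin(host, flows, known_servers=KNOWN_SERVERS):
    """Return every path from host through internal hops to an external endpoint."""
    up = upstream_map(flows, known_servers)
    paths, stack = [], [[host]]
    while stack:
        path = stack.pop()
        for nxt in sorted(up.get(path[-1], ())):
            if nxt in path:              # relays pointing at each other: do not loop
                continue
            if is_internal(nxt):
                stack.append(path + [nxt])
            else:
                paths.append(path + [nxt])
    return paths

if __name__ == "__main__":
    print("relay candidates:", find_relays(FLOWS))
    print("path from 10.0.1.15:", trace_to_origin("10.0.1.15", FLOWS))
```

Relay candidates found this way are leads for host-level investigation, since legitimate peer-to-peer or proxy software produces the same pattern.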