MagicRAT is a malicious tool that falls into the RAT (Remote Access Trojan) category. Cybercriminals and APT (Advanced Persistent Threat) groups use these intrusive threats in the early stages of an infection chain. The main task of a RAT is to establish a backdoor connection to the breached device and give the attackers a certain level of control over the system. Details about MagicRAT were revealed to the public in a report by researchers. According to the findings in the report, MagicRAT is attributed to the infamous Lazarus APT Group, believed to have ties to North Korea.
The security experts discovered that MagicRAT is written in the C++ programming language using the Qt Framework, which is rather uncommon for malware threats. Being a RAT, the threat allows remote access to the victim's system as well as the execution of certain actions and commands. The threat actors can also manipulate the file system, which lets them move, rename or delete chosen files. MagicRAT also collects important system information from the breached devices. In addition, cybercriminals can use the RAT to deliver additional, more specialized payloads or threatening tools.
However, MagicRAT carries a rather narrow set of features and functions. Rather than breadth of functionality, it appears to be focused primarily on stealth and remaining undetected by anti-malware and other endpoint security solutions. Later MagicRAT versions also contained a command for deleting the threat from the infected systems.