Milum RAT Description
The Milum malware is a RAT (Remote Access Trojan) that has been deployed in two operations so far. The first campaign took place in April 2019, and the second was executed in March 2020. After studying this threat, malware researchers suspect that the Milum RAT is the creation of a highly skilled group of individuals. The cybercriminals responsible for the Milum Trojan are unlikely to go after regular users; they are more likely to target big corporations and businesses. In their latest campaign, called WildPressure, the authors of the Milum RAT targeted companies located in the Middle East.
Most RATs intended to target regular users can steal login credentials, take screenshots, record audio via the device’s microphone, record video via the PC’s camera, or launch DDoS (Distributed Denial-of-Service) attacks against certain targets. However, since the Milum RAT is not meant to target regular users, its capabilities are rather different. The Milum Trojan operates silently in order to avoid detection for longer periods of time.
Upon compromising a targeted system, the Milum RAT connects to the attackers’ C&C (Command & Control) server. The creators of the Milum Trojan have made sure that all communication between the threat and the C&C server is encrypted with RC4. The Milum RAT is able to:
- Determine what the device’s OS is.
- Check for the presence of anti-malware applications.
- Execute remote commands.
- Update itself.
- Delete itself.
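Because RC4 is a symmetric stream cipher, a responder who extracts candidate key strings from a captured sample can test them against recorded C&C traffic. The sketch below is an added example, not code from the original page or from the malware; the key candidates, payload and function names are constructed for illustration, since the page gives neither the real key nor the message format.

```python
# Added example: triage of candidate RC4 keys against a captured C&C payload.
# Keys and payload are constructed; the real key and format are not on the page.

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))  # key-scheduling algorithm (KSA)
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()  # pseudo-random generation algorithm (PRGA)
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def printable_ratio(buf: bytes) -> float:
    """Share of bytes that are printable ASCII or common whitespace."""
    if not buf:
        return 0.0
    ok = sum(1 for b in buf if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(buf)


def triage_keys(payload: bytes, candidates: list, threshold: float = 0.95) -> list:
    """Return (key, plaintext) pairs whose decryption looks like text."""
    hits = []
    for key in candidates:
        if not key:
            continue  # skip empty strings pulled from the sample
        plain = rc4(key, payload)
        if printable_ratio(plain) >= threshold:
            hits.append((key, plain))
    return hits


# Constructed sample data (hypothetical, not taken from any real sample).
SAMPLE_KEYS = [b"not-the-key", b"", b"example-key-0001", b"another-guess"]
SAMPLE_PLAINTEXT = b"constructed plaintext for the RC4 triage demo"
SAMPLE_PAYLOAD = rc4(b"example-key-0001", SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    for key, plain in triage_keys(SAMPLE_PAYLOAD, SAMPLE_KEYS):
        print(key, plain)
```

The printable-text heuristic only fits plaintext protocols; for binary message formats, swap `printable_ratio` for a check on a known header or structure.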
The creators of the Milum RAT appear to be a rather new group of hackers. It is likely that they will continue expanding their hacking arsenal and broadening their reach worldwide.