MnuBot RAT

The MnuBot RAT is a Trojan that enables criminals to gain access to an infected computer from a remote location. The MnuBot RAT is being used as a banking Trojan primarily, to collect the victims' bank account login information. The MnuBot RAT includes components that allow it to be used to carry out a wide variety of attacks, including modules for banking Trojan attacks specifically. The MnuBot RAT can be used to collect information, monitor computer users, and use the victim's computer to carry out other attacks. The MnuBot RAT is written using Delphi, and its structure makes it highly adaptable. The MnuBot RAT's current iteration has been observed being used in attacks targeted towards Brazilian banking institutions and their customer mainly.

The MnuBot RAT Uses an Unusual Method to Contacts Its Command and Control Server

The MnuBot RAT includes advanced obfuscation components that allow it to avoid many security measures and anti-virus programs. While most banking Trojans connect to their Command and Control servers by using encrypted connections through non-standard ports, the MnuBot RAT uses a different approach. The MnuBot RAT masks its communication with the Command and Control server by disguising it as SQL traffic, which is often ignored by many anti-virus applications.

How the MnuBot RAT may be Installed

The MnuBot RAT is delivered to victims through the use of spam email messages with unsafe file attachments that use embedded macro scripts to download and install the MnuBot RAT onto the victim's computer. The MnuBot RAT will first check whether the infected computer is already infected, searching for a text file named 'Desk.tx' on the affected computer. If the MnuBot RAT doesn't find this file, it creates this text file, which contains the MnuBot RAT's configuration settings, and then installs the MnuBot RAT onto the victim's computer.

How the MnuBot RAT Carries Out Its Attack

Because of the MnuBot RAT's flexibility, this Trojan can be used for a variety of attacks. In the recent attacks where the MnuBot RAT was involved, the MnuBot RAT was receiving information from its Command and Control server, which allows it to target specific banking institutions. The MnuBot RAT receives communications almost in real time through a remote MSQL database, which also can help criminals prevent PC security researchers from reverse engineering and studying the MnuBot RAT. The MnuBot RAT can be used for a variety of things, including the following features:

• The MnuBot RAT can take screenshots of the infected PC.
• The MnuBot RAT can display fake versions of banking sites visited by the victims to trick the victims into entering their login information and password.
• The MnuBot RAT can execute commands on the affected operating system remotely.
• The MnuBot RAT can be used to record keyboard strokes and mouse clicks.
• The MnuBot RAT can mimic inputs on the victim's computer, which can help it bypass many protections on banking websites designed to detect automatic inputs used by malware.
• The MnuBot RAT also can be used to control the victim's computer remotely, which may include many actions, ranging from collecting data to rebooting the affected PC.

Preventing the MnuBot RAT Attacks

Since the MnuBot RAT is delivered to victims through the use of spam email messages mainly, the best way to prevent the MnuBot RAT attacks is to ensure that its content is handled safely. It also is important to have a good and updated security program working in real time to intercept attacks like the MnuBot RAT. You should monitor your bank accounts online with strong security protections to always ensure that criminals do not gain access to your bank accounts, and work together with your online banking provider to ensure that all the available security protections for your account are being provided currently.