The ObliqueRAT (Remote Access Trojan) malware is a recently uncovered threat that seems to be targeting the Southeast Asian region, primarily. Furthermore, the ObliqueRAT appears to be utilized in attacks against businesses mainly, rather than regular users. So far, malware experts have been unable to detect a particular hacking group that may be responsible for the campaigns propagating the ObliqueRAT. The ObliqueRAT may not be very impressive when it comes to features, but it is a very stealthy threat that may remain undetected over long periods. However, since cybersecurity researchers spotted this threat, they have worked tirelessly to study it and make sure that anti-malware tools are capable of detecting it successfully.

Propagation Method

The propagation method employed in the spreading of the ObliqueRAT is phishing emails. The authors of the ObliqueRAT would craft fraudulent emails carefully, which are then distributed to various employees of the targeted company. Usually, the fake email would claim to contain an important attachment that is to be reviewed immediately. However, launching the attachment would allow the ObliqueRAT to compromise the system of the targeted user. Be very wary when opening attachments from unknown sources as you may end up putting your safety and your company’s security at risk.

Gaining Persistence

To gain persistence on the infected host, the ObliqueRAT would tamper with the Windows Registry. This means that every time the system is rebooted, the ObliqueRAT will be launched. The ObliqueRAT also is capable of checking the compromised system for the presence of another version of this threat. This is done to prevent the ObliqueRAT from running on an already infected host.


Despite not having too many features, the ObliqueRAT has just enough to cause damage to its targets. This threat is capable of:

  • Fetching additional payloads.
  • Planting the additional payloads on the host.
  • Collecting files.
  • Uploading the collected files to the attackers’ C&C (Command & Control) server.
  • Terminating processes.

After observing the activity of the ObliqueRAT, security analysts concluded that it is likely that this threat is used in reconnaissance operations over long periods. Make sure your computer and your data are protected by a legitimate anti-malware solution. Furthermore, do not forget to update your applications regularly to avoid having obvious vulnerabilities in your system.


Most Viewed