By GoldSparrow in Remote Administration Tools

PentagonRAT is a Trojan that is used to take over a computer from a remote location. PentagonRAT belongs to a type of threat referred to as Remote Administration Tools or Trojans (RATs). Although there are versions of these applications that are used for benign purposes, such as technical support, RATs like PentagonRAT may also be put to threatening use and used to access the victims' computers automatically. The presence of PentagonRAT on a computer can endanger the computer user's data and expose the affected computer to all manner of threats and tactics. Using a RAT like PentagonRAT, con artists may also use an infected computer to deliver PentagonRAT and other threats to the victim's online contacts.

Why PentagonRAT is So Threatening

PentagonRAT is being marketed towards amateur hackers. The slogan on PentagonRAT's website reads 'made by masters for beginners', and the tool is being sold on a Blogspot page. PentagonRAT, like other RATs, is designed to be placed on a computer (generally installed manually by a hacker) and then used to compromise the infected computer. To deliver PentagonRAT, the hackers take advantage of weak security protections, such as poorly protected Remote Desktop Connections or weak passwords. PentagonRAT was created by a team of hackers whose leader is named Asril Mochammad, and it is also sold online as 'Crypter Server PentagonRAT'. People wanting to use PentagonRAT to carry out attacks can purchase a license for between 40,000 and 100,000 Indonesian Rupees (which is between $3 and $7 USD at the current exchange rate). It seems that con artists wanting to purchase PentagonRAT must contact the ill-minded group through a Gmail email account, which says a lot about the sophistication of this group, since more sophisticated attackers will use a payment portal or Dark Web email address rather than a public email account.

How PentagonRAT Can Affect Computer Users and Their Machines

There are several aspects of PentagonRAT that make it different from most Remote Access Trojans. Apart from having the usual RAT features, PentagonRAT is also capable of supporting remote data encryption, which allows the hackers to encrypt the victim's data and demand the payment of a ransom (essentially combining the functionality of ransomware and a RAT). PentagonRAT includes support for streaming from the victim's computer, collecting passwords, keylogging, and using the infected computer to carry out DDoS attacks. Due to its various features, affordable price, and the easy way it is offered to beginners, con artists in Southeast Asia are using PentagonRAT widely. PentagonRAT can be customized to be used in a variety of hoaxes and attacks. According to PentagonRAT's website, PentagonRAT supports the following features:

  • Audio/video streaming.
  • DDoS attacks.
  • Data encryption with XOR, RC4, AES, RC2, Vernam, RSM and Rijndael ciphers.
  • File manager for infected devices.
  • Key logging of Latin, Arabic and Japanese letters.
  • Port monitoring and forwarding.
  • Password recovery from Internet browsers like Google Chrome, Opera, Mozilla Firefox, Safari and Internet Explorer.
  • Proxy configuration.

Dealing with the PentagonRAT Infection

PentagonRAT represents a severe threat to the victims' data and computers because of the multiple features that it includes in its attack. Using PentagonRAT, low-level crooks and hackers can carry out sophisticated attacks that would otherwise be out of their reach due to the resources and knowledge that may be required to carry out an attack like this. PentagonRAT can be used for doxing and identity theft, and its flexibility is one of the reasons why this threat is so harmful. Computer users are advised to use a fully updated anti-malware application to protect their data from PentagonRAT and similar threats. To avoid infiltration, server administrators and website operators should protect their systems with strong passwords and good security practices.

