PoetRAT

Security researchers have detected a new computer threat, which they named PoetRAT. The origin of PoetRAT is not known at this time. However, it is focusing its attacks on Azerbaijan. To deliver its harmful payload, PoetRAT uses corrupted URLs that pretend to be one of the Azerbaijan government's various domains. Therefore, the victims may be fooled and access the compromised domain, thinking that they are visiting a highly trusted website. When the victims open the website, a Microsoft Word document will drop PoetRAT's payload, which is a Python-based Remote Access Trojan. When the RAT is installed, its perpetrators can take control of the infected machine and start to execute their harmful actions.

As if it were not bad enough to have a RAT installed on a computer, PoetRAT also has other tricks to optimize its actions. PoetRAT may install a tool that lets it keep an eye on the computer's hard disk and transfer data to its Command and Control servers automatically. It can also control the machine's camera, install password stealers, keyloggers and much more.

Some of the domains related to PoetRAT are govaz.herokuapp[dot]com, dellgenius.hopto[dot]org and gov-az.herokuapp[dot]com.
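As an added example (not part of the original write-up), the script below refangs the three domains listed above and checks DNS query log lines against them, comparing whole DNS labels so that subdomains match and look-alike prefixes do not. The log format, function names and sample lines are constructed assumptions.

```python
import re

# Indicators exactly as written on this page (defanged with "[dot]").
DEFANGED_IOCS = [
    "govaz.herokuapp[dot]com",
    "dellgenius.hopto[dot]org",
    "gov-az.herokuapp[dot]com",
]

def refang(indicator: str) -> str:
    """Turn a defanged hostname into a normalised, matchable one."""
    host = re.sub(r"\[(?:dot|\.)\]|\(dot\)", ".", indicator.strip(), flags=re.I)
    return host.lower().rstrip(".")

IOC_HOSTS = frozenset(refang(i) for i in DEFANGED_IOCS)

def matches_ioc(queried: str, iocs=IOC_HOSTS) -> bool:
    """True if the queried name is an indicator or a subdomain of one."""
    # Compare label by label: 'notgovaz.herokuapp.com' must not match, and the
    # shared parent 'herokuapp.com' must not match either.
    labels = queried.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))

def scan(log_lines):
    """Return (timestamp, client, name) for each line that hits an indicator."""
    # Assumed (constructed) format: '<timestamp> <client-ip> <query-name> <type>'
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed or blank lines
        ts, client, name = fields[:3]
        if matches_ioc(name):
            hits.append((ts, client, name))
    return hits

# Constructed sample DNS query log, not taken from any real incident.
SAMPLE_LOG = [
    "2024-01-01T09:14:02Z 10.0.4.17 www.example.com A",
    "2024-01-01T09:14:05Z 10.0.4.17 GovAz.herokuapp.com. A",
    "2024-01-01T09:15:41Z 10.0.4.22 notgovaz.herokuapp.com A",
    "2024-01-01T09:16:10Z 10.0.4.31 cdn.dellgenius.hopto.org AAAA",
    "garbage",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A hit identifies the client that queried the name, which is the host to examine first.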

Another threatening feature of PoetRAT is its stealth: it works silently in the background, which makes its activities really hard to notice. Therefore, your online banking details, passwords, personal information, etc. can be collected, which will cause a lot of problems.

The best way to check if PoetRAT is installed on your computer is by using a powerful malware scanner, which can identify and remove this threatening RAT from your machine.
