RadRAT

By GoldSparrow in Remote Administration Tools

RadRAT has received a lot of attention because it is a complex piece of software designed for espionage and high-end operations. RadRAT had gone unnoticed since at least 2015 and was detected in 2018 by PC security researchers. This remote access Trojan (RAT) allows the criminals operating it to access the infected computer from a remote location and gain full control over it. RadRAT is mostly used to collect important data and to monitor the activities of the victims. RadRAT attacks seem to have mostly targeted large business networks and high-end targets with sensitive data on their computers or computer networks.

No Matter if a Malware or a Rodent, a RAT will Always be a Threat

The criminals operating RadRAT gain unrestricted control over the infected computer. Once RadRAT infects a single computer on a network, the criminals can use the infected computer to spread RadRAT to other machines in the same environment. RadRAT includes complex mechanisms that allow it to evade detection and removal, making it a particularly harmful threat. RadRAT is designed to infect computers running the Windows operating system.

Distribution Methods Associated with RadRAT

RadRAT possesses several features that allow this threat to spread throughout a network. RadRAT harvests credentials from an infected computer and is capable of collecting numerous passwords and private data in a variety of ways, including passwords stored in Web browsers and in the affected operating system. It also includes features that allow criminals to monitor network traffic and other sources for data. RadRAT runs from two main DLL files installed on the infected computer and is currently capable of responding to 92 distinct commands, which can be used to carry out operations on the infected computer, often allowing criminals to distribute RadRAT to other computers.

How the RadRAT Attacks a Computer

The commands that are used to control RadRAT can be used to access the victim's files and Registry and carry out a wide variety of operations. RadRAT can be used to read any file on the infected computer, see shared files on the affected computer's network, and even carry out complex file operations such as computing and comparing hashes of files, operating on specific portions of larger files, and uploading specific portions to a Command and Control server. This allows criminals to use RadRAT to inspect encrypted material or to search for distinct data types on the infected computers. RadRAT is quite complex and more threatening than many other RATs currently in use, which mainly target individuals rather than the large businesses and other high-end targets associated with RadRAT.

Protecting Your Computer, Network, and Data from RadRAT

RadRAT was observed in February 2018, even though it had probably been active for at least three years before that. Because of this, if RadRAT is detected, any possible data breaches that may have occurred in that time should be audited. RadRAT exploits EternalBlue, a known vulnerability in Microsoft Windows identified as CVE-2017-0144. This same vulnerability has also been associated with other high-end attacks, such as the WannaCry Ransomware, which is why computer users need to apply any security patches and updates for the Windows operating system. RadRAT is often installed as a root driver on the infected computer, which may prevent security software from detecting it. Computer users should use strong security software that is capable of detecting malware on a variety of levels.
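
The patching advice above can be checked per host. The following PowerShell is an added example, not part of the original article: it triages one Windows machine for exposure to CVE-2017-0144 by checking the SMBv1 server, which is the component EternalBlue abuses. It assumes Windows 8 / Server 2012 or later and an elevated session; the function name and verdict strings are made up for this illustration.

```powershell
# Added example (not from the original article): triage one host for
# exposure to CVE-2017-0144 (EternalBlue). Function name is hypothetical.
function Get-EternalBlueExposure {
    # MS17-010, the fix for CVE-2017-0144, was released on 14 March 2017.
    $fixReleased = [datetime]'2017-03-14'

    # Is the SMBv1 server protocol still enabled?
    $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Is anything listening on TCP 445 (SMB)?
    $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
        -ErrorAction SilentlyContinue)

    # Install date of the most recent update that Windows reports.
    $lastUpdate = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 -ExpandProperty InstalledOn

    # The verdict is a heuristic: an install date after the release does not
    # prove the MS17-010 update itself is present, so that case is flagged
    # for manual review rather than reported as safe.
    if (-not $smb1Enabled) {
        $verdict = 'SMBv1 server disabled'
    } elseif (-not $lastUpdate -or $lastUpdate -lt $fixReleased) {
        $verdict = 'AT RISK: SMBv1 enabled, no update installed since MS17-010'
    } else {
        $verdict = 'REVIEW: SMBv1 enabled, confirm the MS17-010 update is installed'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Smb1Enabled    = $smb1Enabled
        ListeningOn445 = $listening
        LastUpdate     = $lastUpdate
        Verdict        = $verdict
    }
}

Get-EternalBlueExposure | Format-List
```

A host reported as AT RISK or REVIEW should be patched, or have SMBv1 disabled, before it is treated as protected against this spreading method.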
