Malware experts have spotted a new hacking group that appears to specialize in RATs (Remote Access Trojans). Because of this, the cybercrime group has been given the name RATicate. However, the RATicate hacking group also utilizes other threats, such as backdoors and infostealers. The RATicate group first emerged in 2019 and has since carried out a number of high-profile attacks. The RATicate group relies on a single infrastructure for all of its attacks, regardless of the hacking tools deployed. This allowed malware analysts to determine that between November 2019 and January 2020, the RATicate hacking group carried out five large-scale RAT operations.
Most of the RATicate group's campaigns are concentrated in South Korea, Europe and the Middle East. The targets of the RATicate group are businesses that operate in various industries. After the mass-scale operation that took place in January 2020, the RATicate group went silent for a while until it returned to the spotlight with a Coronavirus-themed operation. Its latest campaign was used to deliver several different RATs via phishing techniques. Numerous cyber crooks are using COVID-19-themed content to phish users, so be very wary if you receive an email regarding the pandemic. It may well be a scam or carry other threatening content, which you should not interact with under any circumstances.
Among the signature moves of the RATicate hacking group is the use of NSIS installers. The NSIS utility is a legitimate tool that developers use to create installers for different applications. The fact that the NSIS utility has a modular structure allows the attackers to modify its functionality by adding extra plugins and features. The RATicate hacking group is likely to use this functionality to extend the installers’ features and allow them to:
- Kill active processes.
- Decompress files.
- Load corrupted DLLs (Dynamic Link Libraries).
- Execute commands.
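The four capabilities above map onto well-known NSIS plugin DLLs that a compiled installer must carry with it, which gives a defender a cheap triage signal: the NSIS first-header magic tells you a binary is an NSIS installer at all, and the plugin names embedded in it tell you roughly what the installer script can do. The script below is an added example written for this page, not code from the original article or from any RATicate sample. The plugin-to-capability watch-list is an assumption of mine (these are common NSIS plugin names, but the page does not list them), and the two sample byte strings are constructed inline so the script runs offline.

```python
"""Heuristic triage of NSIS installers: is it NSIS, and which plugins does it carry?"""
import re
from typing import Dict, List

# NSIS "first header" magic: 0xDEADBEEF little-endian followed by "NullsoftInst".
NSIS_SIGNATURE = b"\xef\xbe\xad\xdeNullsoftInst"

# ASSUMED watch-list: NSIS plugin DLL names mapped to the capability each grants
# to the installer script. Not from the page; extend it from your own samples.
PLUGIN_CAPABILITIES: Dict[bytes, str] = {
    b"System.dll": "load arbitrary DLLs / call Win32 APIs",
    b"nsExec.dll": "execute commands",
    b"ExecDos.dll": "execute commands",
    b"KillProcDLL.dll": "kill active processes",
    b"nsProcess.dll": "kill active processes",
    b"nsisunz.dll": "decompress files",
    b"Nsis7z.dll": "decompress files",
}


def is_nsis_installer(data: bytes) -> bool:
    """True if the NSIS first-header magic appears anywhere in the file bytes."""
    return NSIS_SIGNATURE in data


def find_plugins(data: bytes) -> List[str]:
    """Return the sorted list of watch-listed plugin names found in the bytes.

    Matching is case-insensitive because plugin file names are not case-stable
    across installers ("system.dll" and "System.dll" both occur in practice).
    """
    found = []
    for name in PLUGIN_CAPABILITIES:
        if re.search(re.escape(name), data, re.IGNORECASE):
            found.append(name.decode())
    return sorted(found)


def triage(data: bytes) -> dict:
    """Summarise an installer: NSIS or not, plugins present, capabilities implied."""
    nsis = is_nsis_installer(data)
    plugins = find_plugins(data) if nsis else []
    capabilities = sorted({PLUGIN_CAPABILITIES[p.encode()] for p in plugins})
    # Verdict is a triage hint only: an NSIS installer that can load DLLs or run
    # commands deserves a closer look, it is not proof of malice by itself.
    verdict = "review" if ("execute commands" in capabilities
                           or "load arbitrary DLLs / call Win32 APIs" in capabilities) else "low"
    return {"is_nsis": nsis, "plugins": plugins,
            "capabilities": capabilities, "verdict": verdict}


# CONSTRUCTED sample bytes, not a real installer: a fake PE-like prefix, the NSIS
# magic, then a few plugin names as they would appear in the $PLUGINSDIR file list.
SAMPLE_INSTALLER = (
    b"MZ" + b"\x00" * 64
    + NSIS_SIGNATURE + b"\x00" * 16
    + b"$PLUGINSDIR\\System.dll\x00"
    + b"$PLUGINSDIR\\nsExec.dll\x00"
    + b"$PLUGINSDIR\\KillProcDLL.dll\x00"
    + b"\x00" * 32
)
# CONSTRUCTED benign blob with no NSIS header at all.
SAMPLE_PLAIN = b"MZ" + b"\x00" * 64 + b"nothing to see here" + b"\x00" * 32


if __name__ == "__main__":
    for label, blob in (("installer", SAMPLE_INSTALLER), ("plain", SAMPLE_PLAIN)):
        print(label, triage(blob))
```

Run it on a real file with `triage(open(path, "rb").read())`. Because the check is a byte scan rather than a parse of the NSIS header, it also fires on installers where the NSIS block is appended to a stub with an unusual layout, which is the point for triage; it will equally miss a plugin whose name has been renamed, so treat a clean result as "nothing obvious", not as safe.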
Most of the RATicate group’s campaigns deploy well-known hacking tools such as Betabot, NetWire RAT, Agent Tesla, Lokibot, Remcos RAT, Formbook, etc. Since the RATicate cyber crooks are using popular hacking tools as final payloads, a reputable, up-to-date anti-malware solution will be able to protect your system.