The Turla APT (Advanced Persistent Threat) is a notorious hacking group that originates from Russia. It is also known as Uroboros, Snake, Waterbug, and Venomous Bear. Turla is well known in the threat-intelligence community and has carried out many damaging campaigns over the years. Some malware researchers believe the group is sponsored by the Kremlin, but this has not been confirmed. Most of its campaigns are concentrated in former Soviet states such as Belarus and Ukraine, but it has also run operations in Iran. One of the tools in Turla's large arsenal is the Reductor RAT (Remote Access Trojan). Reductor is believed to be an upgraded variant of the COMpfun Trojan. COMpfun's main purpose was to serve as a first-stage payload, while Reductor has been further weaponized and poses a much bigger threat to its victims.
Marks the Victim's TLS Traffic for Tracking
Researchers believe that Reductor is most likely distributed through file-sharing (warez) sites. Most of the related files have since been removed from those platforms, which makes studying the threat difficult; what is known comes largely from artifacts recovered from systems the malware had already compromised. That analysis showed that Reductor can swap a browser installer that the victim downloads for a trojanized copy, and that it tampers with the victim's TLS traffic and can redirect it to compromised hosts. The TLS tampering does not decrypt anything. Instead, the malware patches the pseudo-random number generator the browser uses when it builds the TLS handshake, so that unique hardware- and software-derived identifiers for the infected host are written into the handshake's random field. Every TLS session the victim opens is thereby tagged with a value that is personal to that machine. An operator with passive visibility into the network can pick those sessions out and track them even though the traffic itself remains encrypted, which is why this is not a data leak in the usual sense but still a powerful tracking capability.
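The following is an added example, not code from the original page or from any Reductor sample: it shows what a host-bound marker in the 32-byte ClientHello random looks like on the wire and how a network defender can detect it. The marker scheme (four bytes of a hash of a machine identifier, placed at offset 0), the host identifier string, and the sample handshakes are all constructed assumptions; the page does not describe Reductor's real marker layout. The detection idea is generic: a correctly seeded PRNG never repeats the same byte at the same offset across sessions, so constant positions in one host's client randoms indicate that something is overwriting the random field.

```python
import hashlib
import random
import struct
from typing import List, Optional

# Constructed sample data. The identifier and marker layout are assumptions for illustration;
# the real Reductor marker format is not described on this page.
HOST_ID = "BIOS-SERIAL-0001|C:-VOLUME-1A2B3C4D"
MARKER = hashlib.sha256(HOST_ID.encode()).digest()[:4]   # hypothetical 4-byte host marker
MARKER_OFFSET = 0                                          # hypothetical position in the random


def build_client_hello(client_random: bytes) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record around the given 32-byte random."""
    assert len(client_random) == 32
    cipher_suites = struct.pack("!HHH", 0x1301, 0x1302, 0xC02F)
    body = (
        b"\x03\x03"                                  # client_version: TLS 1.2
        + client_random
        + b"\x00"                                    # session_id length 0
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                                # compression_methods: null only
        + b"\x00\x00"                                # extensions length 0
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_client_random(record: bytes) -> Optional[bytes]:
    """Return the 32-byte client random from a TLS record carrying a ClientHello, else None."""
    # record header: type(1) version(2) length(2); handshake header: type(1) length(3);
    # then client_version(2) and the 32-byte random, i.e. bytes 11..42 of the record
    if len(record) < 5 + 4 + 2 + 32:
        return None
    if record[0] != 0x16 or record[5] != 0x01:
        return None
    return record[11:43]


def make_client_random(rng: random.Random, marker: bytes = b"", offset: int = 0) -> bytes:
    """Generate a client random; when a marker is given, overwrite the bytes at offset with it.

    This imitates a patched browser PRNG: the output is random except for the fixed marker.
    """
    r = bytearray(rng.randbytes(32))
    r[offset:offset + len(marker)] = marker
    return bytes(r)


def constant_positions(randoms: List[bytes], min_samples: int = 4) -> List[int]:
    """Byte offsets whose value is identical across every sampled client random.

    For a healthy PRNG the chance that one offset repeats across n independent sessions is
    256**-(n-1); with n >= 4 that is roughly 6e-8 per offset, so any hit is a strong signal.
    """
    if len(randoms) < min_samples:
        return []
    return [i for i in range(32) if len({r[i] for r in randoms}) == 1]


def marked_positions_from_records(records: List[bytes], min_samples: int = 4) -> List[int]:
    """Run the constant-position check over the ClientHellos captured from one host."""
    randoms = [r for r in map(extract_client_random, records) if r is not None]
    return constant_positions(randoms, min_samples)


def simulate(marked: bool, sessions: int = 6, seed: int = 7) -> List[bytes]:
    """Constructed capture: ClientHello records from a single host, marked or clean."""
    rng = random.Random(seed)
    marker = MARKER if marked else b""
    return [build_client_hello(make_client_random(rng, marker, MARKER_OFFSET))
            for _ in range(sessions)]


if __name__ == "__main__":
    print("clean host :", marked_positions_from_records(simulate(marked=False)))
    print("marked host:", marked_positions_from_records(simulate(marked=True)))
```

Two practical caveats. First, group handshakes by source host before running the check: the marker is host-bound, so it repeats within one machine's sessions and differs across machines, and pooling hosts hides it. Second, older TLS stacks fill the first four bytes of the random with gmt_unix_time (RFC 5246), whose leading bytes barely change over a short capture; for such clients either exclude offsets 0 to 3 or sample sessions spread over several hours before treating a constant prefix as a marker.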
If the victim attempts to download a file, Reductor can replace it on the fly with a malicious binary. Researchers have determined that the operators have not yet used this function, but it is implemented and ready to be switched on whenever they need it.
Other Reductor RAT Capabilities
Some of the other capabilities of the Reductor RAT include:
- Collecting information about the software and hardware of the victim.
- Executing commands issued remotely by the operators.
- Listing and controlling the running processes.
- Uploading, downloading and executing files.
- Capturing screenshots of the desktop and tabs.
Turla is not a group to be underestimated: it is clearly developing new tools constantly and upgrading old ones.