Cybercriminals who develop their own hacking tools often opt to sell them publicly to make some quick cash. This is the case with the Saefko RAT (Remote Access Trojan). This RAT appears to be used mainly for espionage and gives the users who buy it detailed insight into the habits of the victims they choose to target. This may help them tailor a more convincing approach to trick those targets.
Digs through Browser History
Once the Saefko RAT is triggered, it will immediately establish a connection with a legitimate Google service. This lets the RAT find out whether the system is connected to the Internet. If the compromised host is connected to the Web, the Saefko RAT will begin searching through the browser history of the victim. The RAT looks for URLs that fall into a few categories:
- Social Media.
All the relevant data is then gathered and transferred to the C&C (Command & Control) server of the operators. The Saefko RAT also collects system information such as username, geolocation, IP address, hardware, software, etc.
Gains Persistence and Continues the Attack
Then, the Saefko RAT applies changes to the Windows Registry to grant itself persistence on the compromised machine. Once this is done, the Saefko RAT will be able to execute a list of tasks such as:
- Loading Web pages.
- Taking screenshots.
- Recording video of the desktop.
- Downloading and executing files.
- Opening and closing the CDROM.
- Commanding the threat to upload the keylogger log file.
- Receiving system details.
- Accessing the Webcam.
- Executing commands using the line tool.
- Uninstalling itself.
The Saefko RAT can also:
- Infect any connected removable storage devices.
- Trigger a keylogger feature, which will collect the keystrokes in a 'log.txt' file.
- Establish a connection to an Internet Relay Chat (IRC) server & channel that the attackers can use to transmit commands to the malware payload on the victim's machine.
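The behaviours listed above can be correlated per process in endpoint telemetry. The following is an added example, not part of the original article and not taken from any vendor's detection content; the event schema, field names, autorun key, history file names, IRC ports and sample events are all assumptions or constructed data.

```python
from collections import defaultdict

# Assumptions (not stated in the article): a common autorun key, the usual
# browser history file names, and the conventional IRC ports.
RUN_KEYS = ("\\software\\microsoft\\windows\\currentversion\\run",)
HISTORY_FILES = ("\\history", "\\places.sqlite")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
IRC_PORTS = {6667, 6697}

def classify(event):
    """Map one telemetry event to a behaviour tag from the article, or None."""
    kind, target = event["type"], str(event.get("target", "")).lower()
    image = event["image"].lower().rsplit("\\", 1)[-1]
    if kind == "file_read" and target.endswith(HISTORY_FILES) and image not in BROWSERS:
        return "browser_history_read"      # history read by a non-browser process
    if kind == "reg_set" and any(k in target for k in RUN_KEYS):
        return "registry_persistence"
    if kind == "file_write" and target.endswith("\\log.txt"):
        return "keylog_file"               # 'log.txt' is the file name the article gives
    if kind == "net_connect" and event.get("port") in IRC_PORTS:
        return "irc_channel"
    if kind == "file_write" and event.get("drive_type") == "removable" and target.endswith(".exe"):
        return "removable_drive_copy"
    return None

def score_processes(events, threshold=3):
    """Return {(host, pid): sorted tags} for processes showing >= threshold behaviours."""
    seen = defaultdict(set)
    for ev in events:
        tag = classify(ev)
        if tag:
            seen[(ev["host"], ev["pid"])].add(tag)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}

# Constructed sample events (hypothetical hosts, paths and process names).
SUSPECT = r"C:\Users\a\AppData\Roaming\svc.exe"
SAMPLE = [
    {"host": "WS01", "pid": 4120, "image": SUSPECT, "type": "file_read", "target": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\History"},
    {"host": "WS01", "pid": 4120, "image": SUSPECT, "type": "reg_set", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"host": "WS01", "pid": 4120, "image": SUSPECT, "type": "file_write", "target": r"C:\Users\a\AppData\Roaming\log.txt"},
    {"host": "WS01", "pid": 4120, "image": SUSPECT, "type": "net_connect", "target": "203.0.113.10", "port": 6667},
    {"host": "WS01", "pid": 900, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "type": "file_read", "target": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\History"},
    {"host": "WS01", "pid": 2200, "image": r"C:\Windows\System32\notepad.exe", "type": "file_write", "target": r"C:\Users\a\Desktop\log.txt"},
]

if __name__ == "__main__":
    print(score_processes(SAMPLE))
```

Requiring several distinct behaviours from the same process keeps single benign matches, such as a text editor saving a file named log.txt, below the alert threshold.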
As you can see, the Saefko RAT has a long list of features, which can cause great harm. However, this threat is also rather pricey, so, hopefully, not many cybercriminals will be able to afford it. We suggest that you use a legitimate anti-malware tool, which will keep your PC safe from threats like the Saefko RAT.