The SamoRAT (Remote Access Trojan) is a threat that is rather nasty to deal with. This Trojan enables its operators to collect types of sensitive data. The SamoRAT appears to be a unique Trojan that is not based on similar RATs. This indicates that the creators of the SamoRAT may have developed this threat from scratch.

According to malware analysts, the SamoRAT is being propagated via several distribution methods. One of them is phishing emails. The fraudulent emails would contain a malicious attachment that carries the payload of the SamoRAT. Another infection vector is pirated games and applications. This is what makes users be advised to avoid installing any pirated software on their systems. Some cybercriminals target specific regions or demographics. However, in the case of the SamoRAT, the attackers are simply trying to infect as many devices as possible. When the SamoRAT compromises a PC, it will place its files in several system folders by disguising itself as a legitimate Windows service. to gain persistence on the host, the SamoRAT would tamper with the Windows Registry Key and create a new Windows Scheduled Task and a new Windows Service.

When the SamoRAT is active on the targeted host, it will allow the attackers to browse the victim's files, record video, and audio via the device's camera and microphone, etc. The SamoRAT is rather stealthy, so you may not notice anything wrong for a while. If you have motives to suspect that you have fallen victim to the SamoRAT, it is best to scan your computer with the help of a legitimate, up-to-date PC security application.


Most Viewed