Shady Rat
Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Threat Level: 10 % (Normal)
Infected Computers: 1
First Seen: April 11, 2014
Last Seen: February 13, 2021
OS(es) Affected: Windows
The Shady Rat is a threat campaign that ranks as one of the largest sustained threat attacks in recent history. The Shady Rat attacks comprise three main stages. The aim of the Shady Rat attacks is to compromise targeted computers and profit by collecting data or using infected computers as part of other threatening activities.
The First Stage of the Shady Rat Attacks
In the first stage of the Shady Rat, targeted organizations are chosen. Then, email messages aimed at specific individuals in these organizations are crafted and sent. These email messages try to trick the victim into opening an attached file or clicking on an embedded link. The attachments are often bogus DOC, XLS or PDF documents which use exploits to append threatening code to the file. When the attached file is opened, a Trojan is installed on the victim's computer.
Stage Two of the Shady Rat
After the Shady Rat Trojan is installed, it makes contact with a remote server. The information for this remote server is coded directly into the Shady Rat Trojan. The Trojan will try to access an image file on the server. This is a defining characteristic of the Shady Rat and other recent threat attacks: they hide their threatening code and commands in image and HTML files that may bypass certain filters. The commands are hidden using an ancient technique known as steganography, in which data is hidden in the image in a way that is invisible to the eye.
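A defender-side check for one way data can ride inside an image, as an added example that is not part of the original page: it walks a PNG's chunk list and reports non-rendering chunks, CRC mismatches and bytes after the IEND marker. The page does not say which embedding method Shady Rat used, so the PNG format and the sample images (built inline) are assumptions, and hiding inside pixel values is outside what this check detects.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types needed to render a basic image; anything else is reported.
RENDER_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"sRGB", b"pHYs"}


def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32 over type+data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))


def inspect_png(blob: bytes) -> dict:
    """Walk the chunk list and report data that is not part of the picture."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, extra, bad_crc, seen_end = len(PNG_SIG), [], [], False
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(blob):
            break  # malformed or truncated chunk: the remainder counts as trailing
        data = blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != zlib.crc32(ctype + data):
            bad_crc.append(ctype.decode("latin-1"))
        if ctype not in RENDER_CHUNKS:
            extra.append((ctype.decode("latin-1"), length))
        pos = end
        if ctype == b"IEND":
            seen_end = True
            break
    return {"extra_chunks": extra, "bad_crc": bad_crc,
            "trailing_bytes": len(blob) - pos, "complete": seen_end}


# Constructed sample: a 1x1 grayscale PNG, then two altered copies (hypothetical data).
ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
CLEAN = PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(b"\x00\x7f")) + chunk(b"IEND", b"")
APPENDED = CLEAN + b"constructed-hidden-data"
EXTRA = CLEAN[:-12] + chunk(b"prVt", b"constructed") + CLEAN[-12:]

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("appended", APPENDED), ("extra chunk", EXTRA)):
        print(name, inspect_png(img))
```

A clean result here only rules out data carried outside the pixel stream; it says nothing about the pixel values themselves.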
The Last Stage of the Shady Rat
In the third stage of the Shady Rat attack, the Shady Rat allows the hacker at the remote computer to operate the infected computer over the remote connection. Using the Shady Rat, third parties may collect data, track activity on the infected computer, collect its content or operate it from a remote location. Through the infected computer, third parties may use the Shady Rat to breach the organization targeted in stage one of this attack. Some security researchers have suggested that the Shady Rat attacks may be sponsored by a government due to the type of targets, although it is still not clear whether this is the case.
URLs
Shady Rat may call the following URLs:
firesear.ch