TigerRAT is a threatening RAT (Remote Access Trojan) threat that can allow cybercriminals to establish illegitimate access to and a certain degree of control over infected computers. Typically, RATs can be equipped with a wide range of intrusive features, depending on the specific goals of their operators. In the case of TigerRAT, the threat is being attributed to the Lazarus APT (Advanced Persistent Threat) Group, a cybercriminal organization believed to be backed by North Korea. TigerRAT is deployed to the targeted systems via another Lazarus malware tool known as MagicRAT.
When executed, TigerRAT will collect relevant system information, including device names, usernames, network data and more. The Trojan can be used by the threat actors to manipulate the file system of the breached device by reading, moving, deleting, uploading and even downloading additional files to the system. The last function is often used by cybercriminals to deliver more specialized threats to the targeted devices.
In addition, TigerRAT can run keylogging routines to capture all pressed keys or buttons, as well as make screen recordings. Analysis of the threat's code has revealed signs of a video recording function that has not yet been fully implemented. If activated, this will allow TigerRAT to establish control over any connected or integrated cameras and use them to make capture footage.
RAT threats are extremely potent and the consequences of their infection could be devastating. It is vital to have a professional security solution active on any computer, to minimize the chances of such intrusive threats managing to sneak in.