
Trojan.CyberGate.A

By GoldSparrow in Trojans

Threat Scorecard

Ranking: 16,990
Threat Level: 80 % (High)
Infected Computers: 385
First Seen: April 27, 2017
Last Seen: September 20, 2023
OS(es) Affected: Windows

Trojan.CyberGate.A is a detection name associated with the CyberGate Remote Access Trojan (RAT). It is a blanket term for code used by the CyberGate RAT. There are many builder kits for the CyberGate RAT on the open Web, and you don't even need to pay for them. Platforms like Website[.]cybergate-rat[.]org and Sinister[.]ly are reported to host code associated with Trojan.CyberGate.A. The CyberGate RAT is classified as a harmful program that supports features you may see in legitimate tools like TeamViewer (h[tt]ps://www.teamviewer[.]com) and professional remote administration solutions. Unfortunately, the CyberGate RAT is used to control compromised computers and run attacks on other systems.

Victims may be invited to double-click a fake PDF, image or DOCX file, which installs the host program that connects to the CyberGate server. The CyberGate RAT can hide its presence by injecting code into already running processes, so users of infected machines may not notice the Trojan working in the background. The CyberGate operators can set up servers and have almost complete control over the infected devices. The CyberGate RAT can be tailored to run from the Windows, Program Files, Root and Temp directories. Also, CyberGate may modify the Windows Registry and run on boot.

The CyberGate RAT has been known to malware researchers since as early as 2009. Statistics show that this Trojan is often loaded as a fake instance of 'svchost.exe' in Windows. 'svchost.exe' is a legitimate Windows process that is used to host various services. Unsurprisingly, many threat authors use the process name to make their tools harder to detect. PC users infected with the CyberGate RAT may notice missing icons on their desktop and AV services failing to start. Also, CyberGate features anti-debugging and anti-virtualization capabilities to hinder detection. You should run a reputable anti-malware product and be careful about what you download from the Internet.
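The fake 'svchost.exe' behaviour described above can be checked against process-creation records. The following is an added example, not part of the original write-up or any vendor tooling: it flags any 'svchost.exe' whose image path or parent process does not match the genuine service host. Assumptions: a default install with %SystemRoot% at C:\Windows, hypothetical field names (pid, image, parent_image), and constructed sample records.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: default install, %SystemRoot% = C:\Windows.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Heuristic: service hosts are normally started by services.exe.
LEGIT_PARENTS = {"services.exe"}

# Constructed sample records; the field names are hypothetical.
SAMPLE = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"pid": 4120, "image": r"C:\Windows\svchost.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 4388, "image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 5012, "image": r"C:\Program Files\Common Files\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"pid": 5300, "image": r"C:\svchost.exe", "parent_image": ""},
    {"pid": 6001, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]


def check_svchost(proc):
    """Return the reasons a process record looks like a fake svchost.exe."""
    image = proc["image"]
    if ntpath.basename(image).lower() != "svchost.exe":
        return []  # not claiming to be the service host
    reasons = []
    # normpath collapses "..", so System32\..\Temp is seen as Temp.
    folder = ntpath.normpath(ntpath.dirname(image)).lower()
    if folder not in LEGIT_DIRS:
        reasons.append(f"unexpected directory: {folder}")
    parent = ntpath.basename(proc.get("parent_image", "")).lower()
    if parent not in LEGIT_PARENTS:
        reasons.append(f"unexpected parent: {parent or 'unknown'}")
    return reasons


def scan(procs):
    """Map pid -> reasons for every suspicious svchost.exe record."""
    return {p["pid"]: r for p in procs if (r := check_svchost(p))}


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

This covers the masquerading case only: code that CyberGate injects into an already running, genuine process keeps a valid path and parent, so it needs other detection.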
