VanillaRAT is a potent piece of malware that can perform numerous invasive actions on breached devices. The threat is written in C# and is classified as a RAT (Remote Access Trojan). However, its capabilities go well beyond simply providing attackers with backdoor access to the victim's system. This expanded feature set makes the threat an extremely versatile tool that could fit into the attack operations of various cybercriminals.

When fully deployed on the target device, VanillaRAT begins by collecting system-related data, such as CPU details and usage, disk usage, the RAM available on the system, the current OS version, architecture and more. The malware is also capable of force-opening arbitrary websites, potentially taking its victims to phishing portals designed to collect sensitive or confidential details, such as banking and account credentials.

The threat actor could also use VanillaRAT as a spyware tool. The threat is capable of running keylogging routines that capture every key pressed. If a microphone is connected to the device, VanillaRAT could take control of it and start recording audio. Through the malware, attackers may execute shell commands, inspect and terminate active processes, manipulate the file system, collect files, or download additional payloads for more specialized malware.

The creators of VanillaRAT have even included screen locker functionality. If activated, the threat displays an overlay message that victims cannot remove, preventing them from using their devices. Typically, the attackers will try to extort money from the affected users in the form of a ransom payment, in exchange for the promise of disabling the overlay window.


