The WeControl RAT is an improved version of the WeSteal RAT. It is advertised on the black market as a RAT/botnet hybrid by the threat actor who created another threat called ComplexCoddes. This means that the developers of the WeControl RAT have built a C2-as-a-service model into this new RAT. The first WeControl RAT activity was noticed in the middle of the current month.
The WeControl RAT was developed to collect cryptocurrency illicitly from the machines it manages to infect. For unknown reasons, the WeControl RAT targets the Bitcoin and Ethereum cryptocurrencies specifically, and it reaches the computer users' wallets through their clipboards. The WeControl RAT also comes with features such as a GUI/panel that is very similar to that of a RAT (Remote Access Trojan).
This Python-based malware scans for strings that match wallet identifiers copied to a victim's clipboard. When such a wallet identifier is found, the wallet address is replaced with an attacker-controlled wallet, which means that any transfer of cryptocurrency ends up in the attacker's pocket.
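The clipboard substitution described above can be spotted from a timeline of clipboard values. The following is an added detection sketch, not code from WeControl or from the original page; the function names, the 2-second window and the sample addresses are assumptions made for illustration.

```python
import re

# Address shapes only (no checksum validation); enough to spot a like-for-like swap.
PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return 'bitcoin', 'ethereum', or None for a clipboard string."""
    value = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(value):
            return coin
    return None

def find_swaps(snapshots, window=2.0):
    """Flag consecutive clipboard values that are different addresses of the
    same coin and changed within `window` seconds (assumed threshold)."""
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        coin = classify(before)
        if (coin and coin == classify(after)
                and before.strip() != after.strip()
                and t1 - t0 <= window):
            alerts.append({"coin": coin, "copied": before.strip(),
                           "replaced_by": after.strip(), "delay": t1 - t0})
    return alerts

# Constructed sample: (seconds, clipboard text). Addresses are placeholders,
# not real wallets.
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, "0x" + "ab" * 20),
    (5.4, "0x" + "cd" * 20),   # different address 0.4 s later: flagged
    (30.0, "1" + "A" * 33),
    (95.0, "1" + "B" * 33),    # changed a minute later: treated as a user copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The same comparison applies at payment time: if the address pasted into a wallet differs from the one that was copied, the transfer should not be confirmed.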
Computer users who have reason to suspect that their machines are housing a threat such as the WeControl RAT should take urgent measures and scan their machines with a trustworthy anti-malware product capable of removing RATs as quickly as possible.