Recently, a new RAT (Remote Access Trojan) emerged on a couple of underground hacking forums. It goes by the name WSH RAT and is being marketed as a hacking tool with several different capabilities, including infecting the host with additional malware, as well as collecting sensitive data like usernames and passwords. Closer examination of the WSH RAT's source code revealed that it uses the same function names and methods as H-Worm (Houdini Worm), which is a piece of malware that gained traction back in 2013.

The authors of the WSH RAT know how to make an offer that is difficult to resist, at least for other cyber crooks. They rent out the full version of the WSH RAT for just $25 a month. This allows their clients to employ the WSH RAT in as many campaigns as they wish for the duration of the month they have pre-paid for. There have already been indications of at least one campaign that has been spreading the WSH RAT. The cybercriminals who took advantage of the offer have been propagating the WSH RAT via spam emails containing an infected ‘.zip’ file, which, once opened, triggers the execution of the WSH RAT.

If the user falls for this trap and opens the corrupted ‘.zip’ file, the WSH RAT is launched, and as soon as this happens, the threat connects to the attacker’s C&C (Command & Control) server, where it receives instructions on how to continue the attack. Curiously, the WSH RAT downloads three executable files, which contain corrupted payloads, from a completely separate address. These executables can:

  • Collect email credentials.
  • Collect browser passwords and usernames.
  • Log keystrokes.

As a whole, the WSH RAT can:

  • Manipulate the Windows Command Prompt.
  • Execute remote PowerShell commands.
  • Upload files to the compromised PC.
  • Collect files from the compromised PC.
  • Send shutdown/restart commands to the infected host.
  • Operate the Windows Task Manager.

You should definitely consider obtaining a reputable anti-malware suite, as it is likely that the WSH RAT will gain increasing popularity in the world of cybercrime.

