XtremeRAT
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Metric | Value |
|---|---|
| Ranking | 2,856 |
| Threat Level | 10 % (Normal) |
| Infected Computers | 1,189 |
| First Seen | January 31, 2014 |
| Last Seen | September 20, 2023 |
| OS(es) Affected | Windows |
XtremeRAT is a remote access Trojan that has been around for a year and a half and is used to attack targets in the Middle East, particularly government bodies in Syria and Israel. XtremeRAT is mainly used to steal data. Versions of XtremeRAT were found on numerous computers belonging to civil administration offices in Israel that deal with traffic into and out of the West Bank. It appears that spear-phishing email messages were used against specific individuals in this organization to cause the XtremeRAT infections. These email messages used spoofed sender addresses that made them appear to come from Israel's main security administration. A close look at the messages used to distribute XtremeRAT reveals that their Hebrew is not natural and that the text was probably pieced together from various other Hebrew sources. The messages show poor grammar, and it is clear that the person responsible for them is not a native Hebrew speaker.
Eliminating this RAT from Your Environment
XtremeRAT is distributed in a corrupted PDF file that takes advantage of known vulnerabilities in the Windows operating system. In earlier versions of this attack, XtremeRAT was distributed in a compromised DOC file, a Microsoft Word document that exploited a security vulnerability in that program. Once installed, XtremeRAT establishes a connection to a Command and Control server hosted in the USA. XtremeRAT then sends the data stolen from the infected computer to the criminals controlling it over HTTP on port 1863. Using XtremeRAT, criminals can control the infected computer remotely, using it to spread XtremeRAT to additional computer systems and to steal even more data.
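The two network indicators this page gives for XtremeRAT, outbound HTTP on port 1863 and the domain listed in the URLs section, are the kind of thing a defender checks egress logs for. The following is an added example, not EnigmaSoft's code: it parses constructed firewall-style log lines (the format and the sample addresses are assumptions) and flags any outbound TCP connection to port 1863 and any request whose host is the listed domain or one of its subdomains.

```python
"""Scan egress log lines for the XtremeRAT network indicators named on this page.

Added example; the log format, IP addresses and timestamps below are constructed
for illustration and do not come from real traffic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicators taken from the page: HTTP C2 traffic on port 1863 and the listed domain.
XTREMERAT_C2_PORT = 1863
XTREMERAT_DOMAINS = {"getfileconvertor.org"}

# Constructed sample log in a simple key=value firewall format (assumed, not a real product's).
SAMPLE_LOG = """\
2023-09-20T10:01:02Z src=10.0.0.12 dst=93.184.216.34 dport=443 proto=tcp host=example.com
2023-09-20T10:01:05Z src=10.0.0.12 dst=203.0.113.7 dport=1863 proto=tcp host=-
2023-09-20T10:02:11Z src=10.0.0.44 dst=198.51.100.9 dport=80 proto=tcp host=getfileconvertor.org
2023-09-20T10:02:15Z src=10.0.0.44 dst=198.51.100.9 dport=80 proto=tcp host=cdn.getfileconvertor.org
2023-09-20T10:03:00Z src=10.0.0.9 dst=192.0.2.5 dport=1863 proto=udp host=-
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) host=(?P<host>\S+)$"
)


@dataclass
class Alert:
    timestamp: str
    src: str
    dst: str
    dport: int
    host: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one log line, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    rec["proto"] = rec["proto"].lower()
    rec["host"] = rec["host"].lower()
    return rec


def domain_matches(host: str, indicator: str) -> bool:
    """True when host is the indicator domain itself or a subdomain of it."""
    return host == indicator or host.endswith("." + indicator)


def match_indicators(rec: dict) -> List[str]:
    """List the reasons a parsed record matches the page's XtremeRAT indicators."""
    reasons = []
    # The page describes the C2 channel as HTTP, so only TCP to 1863 is flagged here;
    # UDP to the same port is left alone to keep the rule specific.
    if rec["dport"] == XTREMERAT_C2_PORT and rec["proto"] == "tcp":
        reasons.append("tcp/1863 C2 port")
    for dom in XTREMERAT_DOMAINS:
        if domain_matches(rec["host"], dom):
            reasons.append(f"contacts indicator domain {dom}")
    return reasons


def scan(log_text: str) -> List[Alert]:
    """Parse every line of the log and return one Alert per matching connection."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped rather than treated as matches
        reasons = match_indicators(rec)
        if reasons:
            alerts.append(Alert(rec["ts"], rec["src"], rec["dst"], rec["dport"],
                                rec["host"], "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.timestamp} {a.src} -> {a.dst}:{a.dport} host={a.host}  [{a.reason}]")
```

On the constructed sample, `scan` returns three alerts: the TCP connection to port 1863, the request to getfileconvertor.org, and the request to a subdomain of it; the UDP line to 1863 is not flagged. A port-only rule will also fire on any legacy MSN Messenger traffic that uses 1863, so in practice the port match is a lead to correlate with the domain or host-based evidence rather than a verdict on its own.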
XtremeRAT is a widely used tool in these types of infections and, in various cases, PC security researchers suspect that many of these attackers have institutional backing from certain countries. XtremeRAT attacks tend to be centered in the Middle East, and the tool has been used before by the SEA, or Syrian Electronic Army, a group that has claimed responsibility for several attacks on high-profile targets in the United States as well. XtremeRAT is just one of several RATs being used in these types of attacks.
URLs
XtremeRAT may call the following URLs:
- getfileconvertor.org