remote access trojan
NginRAT – A stealth malware targets e-store hiding on Nginx servers - EZSecurity
Researchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduler (cron) as a job dated February 31st. CronRAT is employed in Magecart attacks against online stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers. While investigating CronRAT infections in North America and Europe, the researchers spotted a new malware, dubbed NginRAT, that hides on Nginx servers and bypasses security solutions. Like CronRAT, NginRAT works as a "server-side Magecart": it injects itself into an Nginx process. Experts pointed out that a rogue Nginx process could not be distinguished from the original.
The Remote Access Trojan (RAT), a Legacy Product at a Mass Market Price - SecBI
The Remote Access Trojan (RAT) can almost be considered the "legacy" tool of hackers. The RAT is a malware program that uses a back door for administrative control over the targeted computer. As such, RATs are used for "low and slow", prolonged, stealthy operations such as APTs. Using this malicious technique, the attackers take their time to explore the victim's networks and assets, and then move around as quietly as possible to achieve their objectives without detection. Some APTs have been in operation for years and RATs play a crucial part in enabling attackers to access targets while avoiding detection.
Catching a RAT by the tail
Last month I examined how machine learning could be used to detect low and slow insider threats. In this, the final installment of my trilogy on real-world use cases from the recent Verizon Data Breach Digest, I'll discuss how remote access threats can be exposed with the machine learning techniques I've covered in my two previous blogs. In this example, a manufacturing company experienced a breach of a shared engineering workstation in its R&D department. A phishing email resulted in a Remote Access Trojan (RAT) backdoor being downloaded onto the system, which enabled the threat actors to escalate privileges and capture the credentials of every user who had used the system. By the time the breach was discovered, a significant amount of information had been leaked via FTP to a foreign IP address.