Four steps to exterminating RATs controlling your computer
Unless actively pursued, damaging remote access trojans have the ability to live years undetected

With trojan detection numbers on the rise, the attention of security professionals is turning towards the packages which facilitate them.
Remote access trojans (RATs) are a type of malware program that allows hackers to covertly gain administrative control over a victim’s computer. Malicious RAT programs work by infiltrating the computer then connecting back to the hacker, giving them unauthorised access from a remote location.
RATs can be as damaging as they sound. Once scurrying around your computer, RATs enable hackers to use your microphone and camera, record on-screen activity, alter personal files, and distribute further malware to other networks. If left unopposed, RAT infections will only worsen.
Fortunately, there are a series of techniques which can be employed to prevent and remove RATs. Read on to learn how to safeguard your computer and keep RATs in the cage.
Individual awareness
Rather obviously, the best way to remove RATs from a computer is to avoid getting them in the first place. The most common route a RAT takes into a computer is through downloaded files, typically sent as attachments in emails.
Organisations with large hubs of administrative staff have a greater number of email addresses to target and a larger risk surface, so employee awareness of phishing practices must be heightened through comprehensive and recurring training; phishing tactics evolve, so blanket one-day training isn’t sufficient.
Knowing not to open email attachments from unfamiliar addresses, or even the email itself, is a vital step to curtailing malware. Nor should files be downloaded from untrustworthy sources on the web. Both habits help organisations remain vigilant and clear of any RATs.
Patch management
The second preventative measure is to ensure patch management is constantly up-to-date. Updates are deployed for good reasons, and so it’s essential they are promptly downloaded for both operating systems and browsers alike.
Any period in which updates are avoided, whether because employees are unaware an update is available or because patches are viewed as irritating disruptions to workload, creates a window of opportunity for hackers. For those struggling to keep on top of patch management, it may be time to invest in a patch management tool.
Follow the trail of crumbs
If the worst comes to pass and efforts of prevention are undermined, it’s time to move into the location and removal phases. However, RATs can only be removed once they have first been detected. Therefore it’s vital to know and recognise what signs to look for, the trail of crumbs left by the RAT.
One of the less obvious signs is a slower network connection. Because it is a symptom of many ailments, even seasoned IT professionals can be forgiven for experiencing connection issues and not immediately suspecting invisible RATs. However, chances are that a slower operating speed will prompt an investigation, which is likely to result in the inspector coming across an unexpectedly open IP port. This is a clear giveaway that there could be a RAT lurking in the shadows. Also look out for altered or deleted files, and unknown programs installed onto the device.
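The open-port check described above can be made repeatable by comparing a host's listening sockets against a known-good baseline. The following is an added example, not part of the original article: it parses Windows `netstat -ano` output and reports listeners missing from the baseline, and the sample output, port numbers, PIDs and baseline are all constructed for illustration.

```python
from typing import NamedTuple

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50505          0.0.0.0:0              LISTENING       6120
  TCP    127.0.0.1:61234        0.0.0.0:0              LISTENING       3344
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     2288
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:50505             [::]:0                 LISTENING       6120
  UDP    0.0.0.0:5353           *:*                                    2100
"""

# Assumed baseline: (protocol, port) pairs recorded while the host was known-good.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}


class Listener(NamedTuple):
    proto: str
    address: str
    port: int
    pid: int


def parse_listeners(netstat_text):
    """Return TCP LISTENING and bound UDP sockets found in `netstat -ano` text."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue  # an established connection is not an open port
        address, _, port = fields[1].rpartition(":")  # keeps "[::]" intact
        listeners.append(Listener(fields[0], address, int(port), int(fields[-1])))
    return listeners


def unexpected_listeners(netstat_text, baseline):
    """Listeners absent from the baseline, one entry per (proto, port, pid)."""
    findings = {}
    for item in parse_listeners(netstat_text):
        if (item.proto, item.port) not in baseline:
            findings.setdefault((item.proto, item.port, item.pid), item)
    return list(findings.values())


if __name__ == "__main__":
    for hit in unexpected_listeners(SAMPLE_NETSTAT, BASELINE):
        print(f"{hit.proto} {hit.address}:{hit.port} owned by PID {hit.pid}")
```

Each reported PID can then be matched to a process name to decide whether the listener belongs to an unknown program.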
When suspicions are raised, it’s then time to install security software from a trusted and reliable source - here, exercise caution. Ideally, the computer would be disconnected from the internet to ensure the security probe can itself work undetected. After a full security scan, follow the recommended steps listed by the security software to remove the threat. Once the infection has been successfully removed, all details should be considered compromised. Passwords should be changed and accounts explored to scope out the damage.
Trojan removal tools
Ordinary antivirus scanners aren’t likely to detect encrypted RATs, as proven by their ability to live undetected in computers for years. Utilising reputable antivirus and anti-malware solutions does help ensure RATs are unable to function properly, and assists in mitigating any data-collection activities. However, the best way to target and remove RATs is through investing in an intrusion detection tool.
Intrusion detection tools are efficient and able to automate much of the removal process. They can contain signatures that can detect trojan packets within network traffic, and if properly configured, can even reliably detect encrypted traffic. Security administrators continue to rely on trojan-specific scanners as they are the only pieces of software that can consistently stamp out a RAT.
Here, the saving grace is that RATs take a lot of time to construct. Typically those employed by hackers are acquired rather than built, meaning that trojan scanners or even more general anti-virus software are able to pull them up. As they are a time-consuming method of attack, they are also generally saved for larger corporations where they provide hackers with a decent ROI. However, since any computer is a target, it pays to be prepared.