Skip to main content

New malware is capable of evading almost all antivirus products

Trojan
(Image credit: Iaremenko Sergii / Shutterstock)

There’s a new JavaScript downloader on the prowl that not only distributes eight different Remote Access Trojans (RATs), keyloggers and information stealers, but is also able to bypass detection by a majority of security tools, experts have warned.

Cybersecurity researchers at HP Wolf Security named the malware RATDispenser, noting that while JavaScript downloaders typically have a lower detection rate than other downloaders, this particular malware is more dangerous since it employs several techniques to evade detection.

“It’s particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in most cases,” noted Patrick Schlapfer, Malware Analyst at HP.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Schlapfer adds that RATs and keyloggers assist attackers gain backdoor access to infected computers. The actors then usually use the access to help siphon credentials for user accounts, and increasingly cryptocurrency wallets, and in some cases might even hawk the access on to ransomware operators.

Ratatouille

The researchers note that the infection chain begins with a user receiving an email containing a malicious obfuscated JavaScript. When it runs, the JavaScript writes a VBScript file, which in turn downloads the malware payload, before deleting itself. 

Further research revealed that there were at least three different RATDispenser variants over the last three months for a total of 155 samples. While a majority of these samples were droppers, ten were downloaders that communicated over the network to fetch a secondary stage of malware.

“The variety in malware families, many of which can be purchased or downloaded freely from underground marketplaces, and the preference of the malware operators to drop their payloads, suggest that the authors of RATDispenser may be operating under a malware-as-a-service business model,” believe the researchers.

Protect your computers with these best antivirus, and cleanse them with these best malware removal software

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.