A new remote access trojan (RAT) advertisement has been circulating on Russian underground hacking forums recently, according to cybersecurity researchers. Named T-RAT, the new malware allows hackers to take over infected devices using a Telegram channel instead of a web-based administration panel. The advertisement reads that T-RAT offers users a simpler and faster way to access devices from any location. All they need is an Internet connection and the malware. The content is in Russian and highlights comfort and convenience because buyers can control the RAT from their smartphone using the Telegram app.
The encrypted-messaging app’s channel supports 98 commands that allow hackers to steal passwords and similar data, browse through the victim’s files, plant a keylogger, access the microphone and record audio, take pictures using the camera, and collect content on clipboard. Furthermore, T-RAT enables cybercriminals to hijack cryptocurrency and digital currency transactions by checking the clipboard for coin addresses and replacing them. This mechanism, called clipper, supports BTC, Ripple, Tron, Qiwi, and much more.
The malware can also block access to websites like antivirus providers, redirect programs, and disable the taskbar and task manager, causing major system disruptions. @3xp0rtblog discovered T-RAT and posted information on Twitter, including advertisement banners, a sample hash, and selling threads. According to ZDNet, the new RAT is available for $45. Karsten Hahn, a security researcher at G DATA, verified that T-RAT lives up to its expectations, adding that it is only the latest in a series of malicious software that can be controlled through Telegram. And although T-RAT’s threat is still relatively low, mostly because hackers remain skeptical about commercial malware, Hahn thinks this new RAT is already gaining an audience.
“There are regular uploads of new T-RAT samples to VirusTotal. I would assume it is in distribution but have no further evidence of it,” said Hahn.
With the mounting threat of cyberattacks, Internet users must remain vigilant and use the latest cybersecurity tools. TheVPN.Guru provides VPN reviews and how-to guides, in addition to online security tips and tricks.