New malware is capable of evading almost all antivirus products

Malware bundles eight different RATs, keyloggers, and information stealers


There’s a new JavaScript downloader on the prowl that not only distributes eight different Remote Access Trojans (RATs), keyloggers and information stealers, but is also able to bypass detection by a majority of security tools, experts have warned.

Cybersecurity researchers at HP Wolf Security named the malware RATDispenser, noting that while JavaScript downloaders typically have a lower detection rate than other downloaders, this particular malware is more dangerous since it employs several techniques to evade detection.

“It’s particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in most cases,” noted Patrick Schlapfer, Malware Analyst at HP.


Schlapfer adds that RATs and keyloggers help attackers gain backdoor access to infected computers. The actors then usually use the access to help siphon credentials for user accounts, and increasingly cryptocurrency wallets, and in some cases might even hawk the access on to ransomware operators.

Ratatouille

The researchers note that the infection chain begins with a user receiving an email containing a malicious obfuscated JavaScript. When it runs, the JavaScript writes a VBScript file, which in turn downloads the malware payload, before deleting itself.
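The chain described above leaves a recognisable sequence in endpoint telemetry, and the following sketch correlates it. It is an added example, not code from HP Wolf Security or from the original article; the `Event` record is a hypothetical, simplified schema, and it assumes the scripts run under Windows Script Host and that the file deleted at the end is the VBScript.

```python
from dataclasses import dataclass

# Assumption: the scripts run under Windows Script Host.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

@dataclass
class Event:              # hypothetical, simplified endpoint telemetry record
    ts: float             # seconds since capture start
    kind: str             # file_write | proc_start | net_connect | file_delete
    image: str            # process performing the action
    script: str           # script file that process is interpreting ("" if none)
    target: str = ""      # file path or remote host acted on

def find_dropper_chains(events, window=120.0):
    """Return .vbs paths that a script host running a .js file wrote, that were
    then run, made a network connection, and were deleted within `window` s."""
    stages, hits = {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        host = ev.image.lower() in SCRIPT_HOSTS
        script, target = ev.script.lower(), ev.target.lower()
        if ev.kind == "file_write" and host and script.endswith(".js") and target.endswith(".vbs"):
            stages[target] = {"t0": ev.ts, "ran": False, "net": False}
        elif ev.kind == "proc_start" and host and script in stages:
            stages[script]["ran"] = True
        elif ev.kind == "net_connect" and host and stages.get(script, {}).get("ran"):
            stages[script]["net"] = True
        elif ev.kind == "file_delete" and target in stages:
            st = stages.pop(target)
            if st["ran"] and st["net"] and ev.ts - st["t0"] <= window:
                hits.append(ev.target)
    return hits

# Constructed sample events (not taken from any real incident).
TMP = r"C:\Users\u\AppData\Local\Temp"
SAMPLE = [
    Event(1.0, "file_write", "wscript.exe", TMP + r"\order.js", TMP + r"\stage.vbs"),
    Event(1.4, "proc_start", "wscript.exe", TMP + r"\stage.vbs"),
    Event(2.1, "net_connect", "wscript.exe", TMP + r"\stage.vbs", "files.example.test"),
    Event(9.8, "file_delete", "wscript.exe", TMP + r"\stage.vbs", TMP + r"\stage.vbs"),
    # Benign-looking admin script: writes and runs a .vbs, never downloads or deletes.
    Event(20.0, "file_write", "cscript.exe", r"C:\ops\inventory.js", r"C:\ops\report.vbs"),
    Event(20.5, "proc_start", "cscript.exe", r"C:\ops\report.vbs"),
]

if __name__ == "__main__":
    print(find_dropper_chains(SAMPLE))
```

Because the correlation keys on behaviour rather than file content, it does not depend on the obfuscation applied to the JavaScript.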

Further research revealed that there were at least three different RATDispenser variants over the last three months for a total of 155 samples. While a majority of these samples were droppers, ten were downloaders that communicated over the network to fetch a secondary stage of malware.

“The variety in malware families, many of which can be purchased or downloaded freely from underground marketplaces, and the preference of the malware operators to drop their payloads, suggest that the authors of RATDispenser may be operating under a malware-as-a-service business model,” believe the researchers.


With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
