Facts About Remote Access Trojans (RATs) vs AlienSpy

AlienSpy is the latest in a family of RATs which target both consumers and enterprises in a bid to steal valuable data and compromise systems.

Remote Access Trojans (RATs) never fully vanish; instead, they are often recycled and redeveloped in the changing cybersecurity landscape. These kinds of Trojans, often deployed through phishing campaigns which use spoof emails and malicious files to deliver malware payloads, can be tailored to target particular industries -- such as banking or manufacturing -- or be used indiscriminately against both consumers and businesses.

In a security advisory (.PDF) posted Thursday, security firm Fidelis said the newly-discovered AlienSpy Trojan is currently being used in international phishing campaigns against both consumers and the enterprise, although generally has been detected in campaigns based in the technology, finance, government and energy sectors.

Joining the likes of njRAT, njWorm and Houdini, the RAT's development focuses on delivery rather than core functions. However, AlienSpy does differ from its predecessors. While also similar to Frutas, Adwind and Unrecom, the security firm believes the new RAT has benefited from "unified," collaborative development. As a result, the Trojan is more sophisticated and has expanded functionality.

AlienSpy currently supports infections on Windows, Linux, Mac OSX and the Android mobile operating system. However, the Trojan also demonstrates new evasion techniques not present in past RATs.

Once deployed, the Java-based Trojan grants an attacker access and control over a compromised system. The malware is able to collect system information including OS version, RAM data and computer name, upload and deploy additional malware packages, capture webcam and microphone streams without consent, and remotely watch device activity. In addition, the Trojan includes a keylogger.

AlienSpy's additional features include a sandbox detection tool, the detection and disabling of antivirus software, and the use of Transport Layer Security (TLS) cryptographic protocols to secure its connection to the command and control (C&C) server.

"Applying this technique makes it very difficult for network defenders to detect the malicious activity from infected nodes in the enterprise. To prevent various security tools from running, this version of AlienSpy performs various registry key changes," the advisory notes. "Infected systems could end up with botnet malware downloaded through AlienSpy RAT (e.g. Citadel) as it was observed by our security researchers during one of the infections."

In the same manner as its predecessors, AlienSpy is available through various subscription models and receives continual updates from its developers. According to Fidelis, AlienSpy can be purchased for between $19.90 and $219.99.

"Enterprises should ensure that they are capable of detecting inbound malware as well as active infections involving this RAT," Fidelis says.

The security firm has also published a Yara rule to help developers identify and classify the AlienSpy malware strain.

via ZDNet

Read more »

5 Ways to Stay Away from Malware on a Smartphone

A malware is some software specially designed to harm your computer or smartphone, or to get your personal information for various anti-social purposes (let’s say spying on you). It may be a virus, a spyware, worm, or a Trojan, but their sole purpose is to harm you. Nowadays, since smartphones are more in use, these malwares are aimed mostly at them. So here are some precautions that you can adopt to stay away from them:

1. Download Stuff From Trusted Sources

While you download stuff (songs, pictures etc.) into your mobile, be sure that you don’t download anything but what you want to download. Sometimes, rather most of the times, a file that you want to download is accompanied with a malicious software, that drains out your personal information out of your phones and can be used for anything, and the worst part is that you’d never know. One such unwanted application is Mobogenie that automatically gets downloaded onto Android phones and can cause serious troubles. Don’t believe messages on your browsers that say anything about your phone slowing down or those that offer you “hot pics”.

2. Don’t Cache Passwords

Well, it must be very annoying to type your password again and again onto your device, but this is the key area where most of the spywares attack. They phish out the cache from browsers and hence, can gain access to your private accounts. So the only foolproof method to avoid this is to not save these passwords. Oh, and while you’re at it, turn on the 2-step verification to be extra safe. Click here to know more about two-step verification.

3. Don’t Fall Into Traps Of Spams

You might have come across emails claiming that you’ve won a billion dollars in some lottery you never signed up for, or something like this:

Never click on these links, unless you’ve subscribed or signed up for them as they may contain software that can get installed on your smartphones without your consent.

4. Be Extra Cautious If You’ve Got Root Access

This point is exclusive for Android devices.When you root your smartphone, you allow the apps to gain ‘root access,’ and once a malware gets this access, it has the rights to do almost anything on your device, without your knowledge. That doesn’t mean you shouldn’t root your phones. Just be careful while you grant Superuser privileges, and don’t grant these permissions to non-trusted software downloaded from non-trusted sources. Though we recommend not to download such softwares, but even if you do, don’t grant them Superuser permissions.

5. Install An Anti-Malware Program

Though these apps aren’t enough for keeping the malwares away, they do help to some extent. There are a plenty of such applications out there, most of them free. The best rated ones include Lookout, AVG, or Avast. Mostly, they check installed apps, and watch out for malicious codes.

Read more »