Czarina Grace Tech 11.25.2021 22:Nov PM EST

Beware! Dangerous RATDispenser Malware Can Evade Anti-Virus, Steal Your Cryptos

Experts report about a new malware named RATDispenser, which employs unique techniques to evade detection. Unfortunately, only 11 percent of available antivirus systems can detect this dangerous malware.

Malware, a shortcut for "malicious software," is a common problem. This is often a file or code delivered to explore, corrupt and steal information from an infected device. To counter the growing threat, antivirus systems update their programs to detect and delete malware. Unfortunately, one malware seemed to outsmart them.

Cybersecurity researchers at HP Wolf security discovered the RATDispenser malware. They explained their research findings in a blog post.

RATDispenser Malware: The Dangerous Threat

According to researchers, RATDispenser is predominantly used as a dropper. It distributes a lot of different malware families, some being keylogger, information stealer, remote access trojans (RATs) and more!

Although its main purpose is to distribute and deliver malware, RATDispenser could also be used to open backdoors on infected devices. This means malicious actors can access an infected device remotely and steal their accounts.

RATDispenser is primarily used for hacking cryptocurrency wallets. In some cases, hackers can execute ransomware attacks on the victim.

Malware RATDispenser Attack Path

RATDispenser infection starts from a simple email containing malicious obfuscated JavaScript. A picture from researchers showed an example with a "Product Specification" email, which requires the recipient to run a "New Order" txt file. Double clicking on the link will automatically start the infection process.

When it runs, the JavaScript writes a VBScript file that downloads the malware payload. Afterward, it deletes itself and all traces of its activity. The malware payload then dispenses the dangerous files, which vary in function. Some might steal credentials, while others open crypto wallets. Over time, this malware might fetch a secondary stage of malware.

RATDispenser in the Underground Marketplace

Even worse, experts speculate that RATDispenser might be a growing threat. According to TechRadar, researcher Patrick Schlapfer said, "the variety in malware families, many of which can be purchased or downloaded freely from underground marketplaces, and the preference of the malware operators to drop their payloads, suggest that the authors of RATDispenser may be operating under a malware-as-a-service business model."

This implies that hackers can hire RATDispenser to distribute their malware on selected targets.

How to Avoid RATDispenser Malware

To avoid falling victim to RATDispenser, users are recommended to follow the following suggestions:

Do not download files from the internet. Malicious actors are taking full advantage of the internet to deliver malware payloads via multimedia files. If it is unavoidable, only download files from recipients and websites you trust.
Do not click on suspicious URLs. As seen on RATDispenser, some malicious files automatically download themselves after running on the device. This is why users should never link on suspicious links, especially from emails or messages with unknown senders.
Update and improve account security. One of the best ways to secure an account is to use a strong password. It is recommended that users change these passwords once every few months to boost security further.