The Times Australia
The Times Technology News

.

New RAT Variants Running Rampant, Threat Report Reveals

  • Written by AVAST

Avast (LSE:AVST), a global leader in digital security and privacy, today released its Q3/2021 Threat Report. In the third quarter of the year, the Avast Threat Labs have seen an increased risk of businesses and consumers being attacked by ransomware and remote access trojans (RATs). RATs can be used for industry espionage, credentials theft, stalking, and even distributed denial of service (DDoS) attacks. The threat researchers also observed innovation in the ever-evolving cybercrime space, with new mechanisms used by exploit kits, and by the mobile banking Trojan Flubot.

Ransomware and RATs putting businesses at risk

In the beginning of Q3 2021, the world witnessed a massive supply chain attack on IT management software provider Kaseya and its customers, with Sodinokibi/REvil ransomware. The Avast Threat Labs noticed and blocked this attack on more than 2.4k endpoints. Following the involvement of politics, the ransomware operators released the decryption key, and Sodinokibi’s infrastructure went down, with no new variants seen in the wild until September 9th, when Avast detected and blocked a new variant. Overall, in Q3, the Avast Threat Labs saw the risk ratio of ransomware attacks go up by 5% vs. Q2, and even up by 22% vs. Q1 2021.

RATs were also a dangerous threat for businesses and consumers, which spread further in Q3 than in the previous quarters. Avast spotted three new RAT variants, including FatalRAT with anti-VM capabilities, VBA RAT, which exploits the Internet Explorer vulnerability CVE-2021-26411, and a new version of Reverse RAT with build number 2.0 which added web camera photo taking, file stealing and anti-AV capabilities. “RATs can be a fundamental threat for businesses, as they can be used for industry espionage,” said Jakub Kroustek, Avast Malware Research Director. “However, RATs can also be used against consumers, for example to steal their credentials, to add their computers to a botnet to drive DDoS attacks, and unfortunately, for cyberstalking, which can do massive harm to an individual’s privacy and wellbeing.”

Growing distribution of rootkits, and innovation in exploit kits and mobile banking trojans
The Avast Threat Labs also recorded a significant increase in rootkit activity at the end of Q3, which was one of the most significant increases in activity in the quarter. A rootkit is malicious software designed to give unauthorised access to cybercriminals, with the highest system privileges. Rootkits commonly provide services to other malware in the user mode.

Another malware category that appears to be returning are Exploit Kits, with notable new innovations occurring, including the targeting of Google Chrome vulnerabilities. The most active exploit kit was PurpleFox, against which Avast protected over 6,000 users per day on average. Rig and Magnitude were also prevalent throughout the whole quarter. The Underminer exploit kit woke up after a long period of inactivity and started sporadically serving HiddenBee and Amadey. Some exploit kits, especially PurpleFox and Magnitude, are under heavy development, regularly receiving new features and exploitation capabilities.

The Avast Threat Labs also monitored new tactics on the mobile front, with FluBot, an Android SMS banking threat, changing its social engineering approach. Jakub Kroustek said, “Flubot first spread posing as delivery services to lure the victims into downloading a “tracking app” for a parcel they recently missed or should be expecting. In Q3, Avast has seen novel scenarios in spreading this malware. One example is posing as voicemail recorders. Another is fake claims of leaked personal photos. The most extreme of these variants would even lure the victim to a fake page that would claim the victim has already been infected by FluBot when they probably weren’t yet and trick them into installing a “cure” for the “infection”. This “cure” would in fact be the FluBot malware itself.

Flubot continued to expand from where initially it was targeting Europe in Q2 - Spain, Italy, Germany, to later spread throughout the rest of Europe and other countries like Australia and New Zealand.

For more detailed information visit the full report: https://decoded.avast.io/threatresearch/avast-q321-threat-report/

Times Magazine

DIY Is In: How Aussie Parents Are Redefining Birthday Parties

When planning his daughter’s birthday, Rich opted for a DIY approach, inspired by her love for drawing maps and giving clues. Their weekend tradition of hiding treats at home sparked the idea, and with a pirate ship playground already chosen as t...

When Touchscreens Turn Temperamental: What to Do Before You Panic

When your touchscreen starts acting up, ignoring taps, registering phantom touches, or freezing entirely, it can feel like your entire setup is falling apart. Before you rush to replace the device, it’s worth taking a deep breath and exploring what c...

Why Social Media Marketing Matters for Businesses in Australia

Today social media is a big part of daily life. All over Australia people use Facebook, Instagram, TikTok , LinkedIn and Twitter to stay connected, share updates and find new ideas. For businesses this means a great chance to reach new customers and...

Building an AI-First Culture in Your Company

AI isn't just something to think about anymore - it's becoming part of how we live and work, whether we like it or not. At the office, it definitely helps us move faster. But here's the thing: just using tools like ChatGPT or plugging AI into your wo...

Data Management Isn't Just About Tech—Here’s Why It’s a Human Problem Too

Photo by Kevin Kuby Manuel O. Diaz Jr.We live in a world drowning in data. Every click, swipe, medical scan, and financial transaction generates information, so much that managing it all has become one of the biggest challenges of our digital age. Bu...

Headless CMS in Digital Twins and 3D Product Experiences

Image by freepik As the metaverse becomes more advanced and accessible, it's clear that multiple sectors will use digital twins and 3D product experiences to visualize, connect, and streamline efforts better. A digital twin is a virtual replica of ...

The Times Features

Italian Street Kitchen: A Nation’s Favourite with Expansion News on Horizon

Successful chef brothers, Enrico and Giulio Marchese, weigh in on their day-to-day at Australian foodie favourite, Italian Street Kitchen - with plans for ‘ambitious expansion’ to ...

What to Expect During a Professional Termite Inspection

Keeping a home safe from termites isn't just about peace of mind—it’s a vital investment in the structure of your property. A professional termite inspection is your first line o...

Booty and the Beasts - The Podcast

Cult TV Show Back with Bite as a Riotous New Podcast  The show that scandalised, shocked and entertained audiences across the country, ‘Beauty and the Beast’, has returned in ...

A Guide to Determining the Right Time for a Switchboard Replacement

At the centre of every property’s electrical system is the switchboard – a component that doesn’t get much attention until problems arise. This essential unit directs electrici...

Après Skrew: Peanut Butter Whiskey Turns Australia’s Winter Parties Upside Down

This August, winter in Australia is about to get a lot nuttier. Skrewball Whiskey, the cult U.S. peanut butter whiskey that’s taken the world by storm, is bringing its bold brand o...

450 people queue for first taste of Pappa Flock’s crispy chicken as first restaurant opens in Queensland

Queenslanders turned out in flocks for the opening of Pappa Flock's first Queensland restaurant, with 450 people lining up to get their hands on the TikTok famous crispy crunchy ch...