The Times Australia
The Times Technology News

New RAT Variants Running Rampant, Threat Report Reveals

  • Written by AVAST

Avast (LSE:AVST), a global leader in digital security and privacy, today released its Q3/2021 Threat Report. In the third quarter of the year, the Avast Threat Labs have seen an increased risk of businesses and consumers being attacked by ransomware and remote access trojans (RATs). RATs can be used for industry espionage, credentials theft, stalking, and even distributed denial of service (DDoS) attacks. The threat researchers also observed innovation in the ever-evolving cybercrime space, with new mechanisms used by exploit kits and by the mobile banking trojan FluBot.

Ransomware and RATs putting businesses at risk

At the beginning of Q3 2021, the world witnessed a massive supply chain attack on IT management software provider Kaseya and its customers, using Sodinokibi/REvil ransomware. The Avast Threat Labs noticed and blocked this attack on more than 2.4k endpoints. Following political involvement, the ransomware operators released the decryption key, and Sodinokibi’s infrastructure went down, with no new variants seen in the wild until September 9th, when Avast detected and blocked a new variant. Overall, in Q3, the Avast Threat Labs saw the risk ratio of ransomware attacks go up by 5% vs. Q2, and by 22% vs. Q1 2021.

RATs were also a dangerous threat for businesses and consumers, and spread further in Q3 than in previous quarters. Avast spotted three new RAT variants, including FatalRAT, with anti-VM capabilities; VBA RAT, which exploits the Internet Explorer vulnerability CVE-2021-26411; and a new version of Reverse RAT, with build number 2.0, which added web camera photo taking, file stealing and anti-AV capabilities. “RATs can be a fundamental threat for businesses, as they can be used for industry espionage,” said Jakub Kroustek, Avast Malware Research Director. “However, RATs can also be used against consumers, for example to steal their credentials, to add their computers to a botnet to drive DDoS attacks, and unfortunately, for cyberstalking, which can do massive harm to an individual’s privacy and wellbeing.”

Growing distribution of rootkits, and innovation in exploit kits and mobile banking trojans

The Avast Threat Labs also recorded a significant increase in rootkit activity at the end of Q3, one of the most significant increases in activity in the quarter. A rootkit is malicious software designed to give cybercriminals unauthorised access with the highest system privileges. Rootkits commonly provide services to other malware in user mode.

Another malware category that appears to be returning is exploit kits, with notable innovations including the targeting of Google Chrome vulnerabilities. The most active exploit kit was PurpleFox, against which Avast protected over 6,000 users per day on average. Rig and Magnitude were also prevalent throughout the whole quarter. The Underminer exploit kit woke up after a long period of inactivity and started sporadically serving HiddenBee and Amadey. Some exploit kits, especially PurpleFox and Magnitude, are under heavy development, regularly receiving new features and exploitation capabilities.

The Avast Threat Labs also monitored new tactics on the mobile front, with FluBot, an Android SMS banking threat, changing its social engineering approach. Jakub Kroustek said, “FluBot first spread posing as delivery services to lure the victims into downloading a ‘tracking app’ for a parcel they recently missed or should be expecting. In Q3, Avast has seen novel scenarios in spreading this malware. One example is posing as voicemail recorders. Another is fake claims of leaked personal photos. The most extreme of these variants would even lure the victim to a fake page that would claim the victim has already been infected by FluBot when they probably weren’t yet and trick them into installing a ‘cure’ for the ‘infection’. This ‘cure’ would in fact be the FluBot malware itself.”

FluBot continued to expand: it initially targeted Europe in Q2 (Spain, Italy, Germany), and later spread throughout the rest of Europe and to other countries like Australia and New Zealand.

For more detailed information visit the full report: https://decoded.avast.io/threatresearch/avast-q321-threat-report/
