The Times Australia
The Times Technology News

.
The Times Real Estate

.

New RAT Variants Running Rampant, Threat Report Reveals

  • Written by AVAST

Avast (LSE:AVST), a global leader in digital security and privacy, today released its Q3/2021 Threat Report. In the third quarter of the year, the Avast Threat Labs have seen an increased risk of businesses and consumers being attacked by ransomware and remote access trojans (RATs). RATs can be used for industry espionage, credentials theft, stalking, and even distributed denial of service (DDoS) attacks. The threat researchers also observed innovation in the ever-evolving cybercrime space, with new mechanisms used by exploit kits, and by the mobile banking Trojan Flubot.

Ransomware and RATs putting businesses at risk

In the beginning of Q3 2021, the world witnessed a massive supply chain attack on IT management software provider Kaseya and its customers, with Sodinokibi/REvil ransomware. The Avast Threat Labs noticed and blocked this attack on more than 2.4k endpoints. Following the involvement of politics, the ransomware operators released the decryption key, and Sodinokibi’s infrastructure went down, with no new variants seen in the wild until September 9th, when Avast detected and blocked a new variant. Overall, in Q3, the Avast Threat Labs saw the risk ratio of ransomware attacks go up by 5% vs. Q2, and even up by 22% vs. Q1 2021.

RATs were also a dangerous threat for businesses and consumers, which spread further in Q3 than in the previous quarters. Avast spotted three new RAT variants, including FatalRAT with anti-VM capabilities, VBA RAT, which exploits the Internet Explorer vulnerability CVE-2021-26411, and a new version of Reverse RAT with build number 2.0 which added web camera photo taking, file stealing and anti-AV capabilities. “RATs can be a fundamental threat for businesses, as they can be used for industry espionage,” said Jakub Kroustek, Avast Malware Research Director. “However, RATs can also be used against consumers, for example to steal their credentials, to add their computers to a botnet to drive DDoS attacks, and unfortunately, for cyberstalking, which can do massive harm to an individual’s privacy and wellbeing.”

Growing distribution of rootkits, and innovation in exploit kits and mobile banking trojans
The Avast Threat Labs also recorded a significant increase in rootkit activity at the end of Q3, which was one of the most significant increases in activity in the quarter. A rootkit is malicious software designed to give unauthorised access to cybercriminals, with the highest system privileges. Rootkits commonly provide services to other malware in the user mode.

Another malware category that appears to be returning are Exploit Kits, with notable new innovations occurring, including the targeting of Google Chrome vulnerabilities. The most active exploit kit was PurpleFox, against which Avast protected over 6,000 users per day on average. Rig and Magnitude were also prevalent throughout the whole quarter. The Underminer exploit kit woke up after a long period of inactivity and started sporadically serving HiddenBee and Amadey. Some exploit kits, especially PurpleFox and Magnitude, are under heavy development, regularly receiving new features and exploitation capabilities.

The Avast Threat Labs also monitored new tactics on the mobile front, with FluBot, an Android SMS banking threat, changing its social engineering approach. Jakub Kroustek said, “Flubot first spread posing as delivery services to lure the victims into downloading a “tracking app” for a parcel they recently missed or should be expecting. In Q3, Avast has seen novel scenarios in spreading this malware. One example is posing as voicemail recorders. Another is fake claims of leaked personal photos. The most extreme of these variants would even lure the victim to a fake page that would claim the victim has already been infected by FluBot when they probably weren’t yet and trick them into installing a “cure” for the “infection”. This “cure” would in fact be the FluBot malware itself.

Flubot continued to expand from where initially it was targeting Europe in Q2 - Spain, Italy, Germany, to later spread throughout the rest of Europe and other countries like Australia and New Zealand.

For more detailed information visit the full report: https://decoded.avast.io/threatresearch/avast-q321-threat-report/

The Times Features

Why Roof Replacement Is the Best Solution for Roofs with Major Leaks

When your roof is leaking extensively, the situation can be both frustrating and worrying. The constant drip-drip-drip of water, the potential for structural damage, and the risi...

Why Your Tennis Game Isn’t Improving (And How to Fix It)

Tennis is a sport that demands precision, endurance, strategy, and mental toughness. Whether you play casually or competitively, you may reach a frustrating point where your prog...

Can you get sunburnt or UV skin damage through car or home windows?

When you’re in a car, train or bus, do you choose a seat to avoid being in the sun or do you like the sunny side? You can definitely feel the sun’s heat through a window. Bu...

Want your loved ones to inherit your super? Here’s why you can’t afford to skip this one step

What happens to our super when we die? Most Australians have superannuation accounts but about one in five[1] of us die before we can retire and actually enjoy that money. I...

Home Safety 101: What You Shouldn’t Ignore

Overloaded outlets, unattended cooking, and faulty smoke alarms are common fire hazards that many homeowners overlook. Poorly maintained appliances, including electrical cords...

Here's How to Pick the Best Hair Loss Treatment for Your Needs

Hair loss can be frustrating, probably an emotional experience, and only with appropriate types of treatments is one able to restore one's confidence level, showing results that ...

Times Magazine

What to Look for When Booking an Event Space in Melbourne

Define your event needs early to streamline venue selection and ensure a good fit. Choose a well-located, accessible venue with good transport links and parking. Check for key amenities such as catering, AV equipment, and flexible seating. Pla...

How BIM Software is Transforming Architecture and Engineering

Building Information Modeling (BIM) software has become a cornerstone of modern architecture and engineering practices, revolutionizing how professionals design, collaborate, and execute projects. By enabling more efficient workflows and fostering ...

How 32-Inch Computer Monitors Can Increase Your Workflow

With the near-constant usage of technology around the world today, ergonomics have become crucial in business. Moving to 32 inch computer monitors is perhaps one of the best and most valuable improvements you can possibly implement. This-sized moni...

Top Tips for Finding a Great Florist for Your Sydney Wedding

While the choice of wedding venue does much of the heavy lifting when it comes to wowing guests, decorations are certainly not far behind. They can add a bit of personality and flair to the traditional proceedings, as well as enhancing the venue’s ...

Avant Stone's 2025 Nature's Palette Collection

Avant Stone, a longstanding supplier of quality natural stone in Sydney, introduces the 2025 Nature’s Palette Collection. Curated for architects, designers, and homeowners with discerning tastes, this selection highlights classic and contemporary a...

Professional-Grade Tactical Gear: Why 5.11 Tactical Leads the Field

When you're out in the field, your gear has to perform at the same level as you. In the world of high-quality equipment, 5.11 Tactical has established itself as a standard for professionals who demand dependability. Regardless of whether you’re inv...

LayBy Shopping