Jaysu
Banned
- Joined
- 21.09.20
- Messages
- 122
- Reaction score
- 839
- Points
- 63
The malware's Telegram channel supports 98 teams.
A security researcher using the alias 3xp0rt discovered a new Remote Access Trojan (RAT) advertised on Russian-language underground hacker forums. A malicious software called T-RAT sells for $ 45, and its main advantage is the ability to control infected systems through a Telegram channel (and not through a web-based administration panel).
According to the seller, this provides buyers with faster and easier access to infected computers from anywhere, allowing data theft features to be activated before the system detects the presence of an RAT.
The malware's Telegram channel supports 98 commands that, when entered in the main chat window, allow the RAT owner to steal browser passwords and cookies, navigate the victim's file system in search of confidential data, download a keylogger, record sound through a microphone, take screenshots of the desktop, photos via webcam and extract the contents of the clipboard.
In addition, T-RAT operators can also install a clipboard control interception module that spoofs cryptocurrency addresses, which allows attackers to intercept financial transactions of victims in programs such as Qiwi, WMR, WMZ, WME, WMX, Yandex.money, Payeer, CC , BTC, BTCG, Ripple, Dogecoin and Tron.
In addition, the RAT can also run commands (CMD and PowerShell), block access to specific websites (such as antivirus and technical support sites), disable processes (security and debugging software), and even disable the taskbar and manager. tasks.
A security researcher using the alias 3xp0rt discovered a new Remote Access Trojan (RAT) advertised on Russian-language underground hacker forums. A malicious software called T-RAT sells for $ 45, and its main advantage is the ability to control infected systems through a Telegram channel (and not through a web-based administration panel).
According to the seller, this provides buyers with faster and easier access to infected computers from anywhere, allowing data theft features to be activated before the system detects the presence of an RAT.
The malware's Telegram channel supports 98 commands that, when entered in the main chat window, allow the RAT owner to steal browser passwords and cookies, navigate the victim's file system in search of confidential data, download a keylogger, record sound through a microphone, take screenshots of the desktop, photos via webcam and extract the contents of the clipboard.
In addition, T-RAT operators can also install a clipboard control interception module that spoofs cryptocurrency addresses, which allows attackers to intercept financial transactions of victims in programs such as Qiwi, WMR, WMZ, WME, WMX, Yandex.money, Payeer, CC , BTC, BTCG, Ripple, Dogecoin and Tron.
In addition, the RAT can also run commands (CMD and PowerShell), block access to specific websites (such as antivirus and technical support sites), disable processes (security and debugging software), and even disable the taskbar and manager. tasks.