Botnet Activity in 2018 Shows Increased Distribution of RATs

Recent analysis by Kaspersky Lab researchers indicates that threat actors are increasingly distributing multipurpose malware, which can be deployed in a variety of attack scenarios.

More than 150 Malware Families Analyzed

The team analyzed more than 150 malware families and their modifications circulating through 60,000 botnets around the globe. The results show that the distribution of multipurpose remote access tools (RATs) has nearly doubled since the beginning of 2017 (from 6.5% in 2017 to 12.2% in 2018).

Kaspersky Lab has been tracking the activity of botnets using Botnet Tracking, a technology that emulates infected computers (bots) to retrieve operational data about the actions of botnet operators, the report clarifies.

After analyzing the files downloaded by the bots, the researchers were able to identify the most widespread families. It should be noted that the top of the list of most “popular” downloads changes little over time.

Most Widespread RATs

The most widely spread RATs are njRAT, DarkComet, and Nanocore, all of which are described as malware tools that can be modified according to the attackers’ needs. This also means that the malware tools can be adapted for specific regions. For instance, njRAT was found to have command and control centers in 99 countries, simply because it is extremely easy for threat actors to configure a personal backdoor based on the tool, without needing special knowledge in malware development.

In 2018, as in the previous year, the njRAT backdoor accounted for many downloads. Its share among all files downloaded by bots increased from 3.7% to 5.2%, meaning that more than 1 in every 20 bot-downloaded files is njRAT. This widespread distribution is due to the variety of versions of the malware and the ease of setting up one’s own backdoor, which creates a low entry threshold.

For instance, one recent (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: