2023 Q3 Threat Report: Alarming Rise in Remote Access Trojan Infiltrations
In the third quarter of the 2023 Threat Insights Report recently published by HP Wolf Security, a significant surge in campaigns deploying Remote Access Trojans (RAT) is recorded. Experts note an increase in RAT utilization, often lurking within seemingly legitimate Excel and PowerPoint files attached to emails.
The report indicates that so-called malware ‘meal kits’, priced under $100, are facilitating the rise of RAT attacks. Notably, there has been a spike in the activity of Parallax RAT, disguised as invoices, with kits for their creation available for a mere $65 per month on hacking forums.
Researchers also observe that criminals are recruiting novice hackers into using RATs, offering malicious software kits, such as XWorm, on seemingly legitimate platforms like GitHub. There is also the emergence of new kits, including DiscordRAT 2.0.
Alex Holland, a senior malware analyst at HP, emphasizes that 80% of the threats logged by their systems for the quarter originated from emails. Interestingly, some hackers target less experienced peers, employing RATs in their schemes, a topic we delved into yesterday.
Parallax RAT, which ranked 46th in popularity for malware in the second quarter of 2023, leaped to 7th place in the following quarter. This indicates a growing interest among criminals in this type of malware.
Parallax had previously been associated with various campaigns at the start of the coronavirus pandemic, and according to researcher Arnold Osipov from Morphisec, it was already capable of circumventing sophisticated detection solutions, stealing credentials, and executing remote commands.
In 2023, Parallax RAT is becoming an increasingly significant threat; however, other variants of remote access trojans also enjoy considerable popularity among hackers.
Remcos RAT, first detected in 2016, also successfully leverages Microsoft Office as a distribution channel. Furthermore, HP specialists noted the rising popularity of the Houdini RAT based on VBScript, which has been circulating since 2013.
Nevertheless, considering Microsoft’s plans to gradually phase out VBScript, these threats may be short-lived. Microsoft has announced that VBScript will only be available on request in future versions of Windows and will eventually be completely removed from the system.
“While the tools for crafting stealthy attacks are readily available, threat actors still rely on the user clicking,” continues Alex Holland. “To neutralize the risk of pre-packaged malware kits, businesses should isolate high-risk activities, like opening email attachments, link clicks, and downloads. This significantly minimizes the potential for a breach by reducing the attack surface.”
