ApolloRAT Uses Multiple Tricks to Evade Detection
ApolloRAT is the name of a newly discovered remote access trojan.
ApolloRAT is originally written in Python, but it uses several tricks to make detection more difficult. It is built with Nuitka, a source-to-source compiler that takes a program's original source code and translates it into a different programming language. In addition, ApolloRAT uses the Discord platform as its command-and-control (C2) channel, which further complicates analysis and detection.
According to researchers, the RAT can also check whether it is running inside a virtualized environment (such as an analysis sandbox or virtual machine) and can kill Windows Defender processes.
Remote access trojans of this kind specialize in data exfiltration and remote control of the infected system. ApolloRAT can reportedly run shell commands on the infected system, cause it to crash or shut down, and force the browser to open specific links, which will usually point to malicious or phishing pages.
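Two of the behaviours described above, terminating Windows Defender processes and talking to Discord as a C2 channel, are visible in ordinary endpoint telemetry. The following is an added example, not code from the article or from any analysis of ApolloRAT itself: two small detection heuristics run over constructed, simplified process and network events, plus a correlation step that raises confidence when one process trips both rules. The log format, the Defender process names (MsMpEng.exe and NisSrv.exe are real Defender binaries), the Discord domain list and the allow-list of programs expected to reach Discord are all assumptions made for the example.

```python
"""
Added example (not from the article or the malware's authors): detection
heuristics for the two ApolloRAT behaviours the text names, i.e. killing
Windows Defender processes and using Discord for command and control.

Telemetry format is constructed and simplified:
    timestamp|event|pid|image|key=value
It stands in for the process-creation, process-termination and
network-connection events an EDR or Sysmon deployment would really emit.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Real Windows Defender service binaries; a Defender-killing sample has to
# target one of these (assumption: this list is sufficient for the example).
DEFENDER_IMAGES = {"msmpeng.exe", "nissrv.exe"}

# Domains belonging to the Discord platform (assumed complete enough here).
DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discord.gg")

# Constructed allow-list: programs that legitimately talk to Discord.
EXPECTED_DISCORD_CLIENTS = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


@dataclass
class Alert:
    rule: str
    pid: int
    image: str
    evidence: str


def _basename(path: str) -> str:
    # Normalise Windows and POSIX separators; match case-insensitively.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _parse(line: str):
    ts, event, pid, image, detail = line.strip().split("|", 4)
    key, _, value = detail.partition("=")
    return ts, event, int(pid), image, key, value


def detect_defender_tampering(line: str) -> Optional[Alert]:
    """Flag a process that terminates, or references on its command line,
    one of the Defender service binaries."""
    _, event, pid, image, key, value = _parse(line)
    if event == "proc_terminate" and key == "target":
        if _basename(value) in DEFENDER_IMAGES:
            return Alert("defender-process-terminated", pid, image, value)
    if event == "proc_create" and key == "cmdline":
        lowered = value.lower()
        if any(name in lowered for name in DEFENDER_IMAGES):
            return Alert("defender-referenced-in-cmdline", pid, image, value)
    return None


def detect_discord_c2(line: str) -> Optional[Alert]:
    """Flag Discord traffic from anything other than an expected client."""
    _, event, pid, image, key, value = _parse(line)
    if event != "net_connect" or key != "dst":
        return None
    host = value.rsplit(":", 1)[0].lower()
    if not any(host == d or host.endswith("." + d) for d in DISCORD_DOMAINS):
        return None
    if _basename(image) in EXPECTED_DISCORD_CLIENTS:
        return None
    return Alert("discord-traffic-from-unexpected-process", pid, image, value)


def analyze(lines: Iterable[str]) -> List[Alert]:
    alerts: List[Alert] = []
    for line in lines:
        if not line.strip():
            continue
        for rule in (detect_defender_tampering, detect_discord_c2):
            alert = rule(line)
            if alert:
                alerts.append(alert)
    return alerts


def high_confidence_pids(alerts: Iterable[Alert]) -> Set[int]:
    """A PID that trips two different rules is far more likely to be the
    RAT than one that only, say, opened a Discord connection."""
    seen = {}
    for a in alerts:
        seen.setdefault(a.pid, set()).add(a.rule)
    return {pid for pid, rules in seen.items() if len(rules) >= 2}


# Constructed sample telemetry: an unknown binary in a temp directory kills
# MsMpEng.exe and then reaches Discord; the real Discord client and a browser
# also reach Discord and must not be flagged.
SAMPLE_TELEMETRY = r"""
2024-05-01T09:00:00|proc_create|4120|C:\Users\alice\AppData\Local\Temp\updater.exe|cmdline=updater.exe
2024-05-01T09:00:02|proc_terminate|4120|C:\Users\alice\AppData\Local\Temp\updater.exe|target=C:\Program Files\Windows Defender\MsMpEng.exe
2024-05-01T09:00:03|net_connect|4120|C:\Users\alice\AppData\Local\Temp\updater.exe|dst=gateway.discord.gg:443
2024-05-01T09:00:05|net_connect|2208|C:\Users\alice\AppData\Local\Discord\app-1.0\Discord.exe|dst=discord.com:443
2024-05-01T09:00:07|net_connect|3001|C:\Program Files\Google\Chrome\Application\chrome.exe|dst=cdn.discordapp.com:443
2024-05-01T09:00:09|proc_create|5560|C:\Windows\System32\svchost.exe|cmdline=svchost.exe -k netsvcs
"""


def sample_alerts() -> List[Alert]:
    return analyze(SAMPLE_TELEMETRY.splitlines())


if __name__ == "__main__":
    found = sample_alerts()
    for a in found:
        print(f"[{a.rule}] pid={a.pid} image={a.image} evidence={a.evidence}")
    print("high-confidence PIDs:", high_confidence_pids(found))
```

The two rules on their own are noisy in different ways: legitimate security tooling sometimes references Defender binaries, and Discord is widely used, so the allow-list will never be complete. Correlating by process identity, as `high_confidence_pids` does, is what turns two weak signals into something worth paging on.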
This sort of threat can usually only be eliminated by a robust antivirus suite.