ApolloRAT Uses Multiple Tricks to Evade Detection

ApolloRAT is the name of a newly discovered remote access trojan.

ApolloRAT is originally written in Python, but it also uses several tricks to make detection more difficult. ApolloRAT makes use of a source-to-source compiler called Nuitka - an environment that takes the original source code of a program, then transcribes it to a different programming language. In addition to this, ApolloRAT uses the Discord platform as its C2 server, which further complicates analysis and detection.

According to researchers, the RAT can also check if it's running within a virtual environment and can kill Windows Defender processes.

Remote access trojans of this kind are specialized in data exfiltration and remote control of the infected system. ApolloRAT can reportedly run shell commands on the infected system, cause it to crash or shut down, as well as force the browser to open specific links that will usually point to malicious or phishing pages.

This sort of threat can usually only be eliminated by a robust antivirus suite.

By Zaib
July 19, 2022
Trojan
English
July 19, 2022
Trojan

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Computer Security

Malware Resorts to Unusual Programming Languages to Evade Detection

Researchers with Blackberry Research and Intelligence have published a new report highlighting an interesting trend in malware. The research paper shows that a growing number of malware coders are starting to turn to... Read more

July 26, 2021
Malware

Win32/Heri Detection

Win32/Heri is the name given by antivirus software to a heuristically-motivated detection. This means that the detection does not correspond to a specific known virus or malicious file found in the software's... Read more

June 22, 2022
Scam

Checkpcsecurity.com Uses Fake Virus Warnings

Checkpcsecurity.com is a dangerous Web page that hosts a simple, but effective scam. The pop-ups that Checkpcsecurity.com displays in Web browsers are designed to look as if they come from a reputable anti-virus... Read more

March 17, 2022
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.