Remote Access Trojan 'HiatusRAT' Targets Router Firmware

Researchers with Lumen Black Lotus Labs discovered a new malware campaign that they have named "Hiatus". This campaign targets business-grade routers, mainly the DrayTek Vigor models 2960 and 3900, which can support VPN connections for remote workers and are ideal for medium-sized businesses. Once infected, the malware deploys two malicious binaries - a Remote Access Trojan (RAT) known as HiatusRAT.

The HiatusRAT allows the attackers to remotely interact with the infected system and convert it into a covert proxy. The binary focused on packet capturing allows the actor to monitor router traffic on the ports associated with email and file-transfer communications. The threat actors behind the campaign have primarily targeted end-of-life routers running an i386 architecture, but prebuilt binaries that target MIPS, i386, and ARM-based chips were also uncovered.

Lumen Black Lotus Labs® has identified at least 100 infected victims, mainly in Europe and Latin America, using proprietary telemetry from the Lumen global IP backbone. The latest version of the malware became active in the middle of 2022. The campaign is suspected to be targeting data collection and establishing a covert proxy network.

The Hiatus campaign is made up of three components: a bash script, HiatusRAT, and a variant of tcpdump that enables packet capture. HiatusRAT serves two purposes - to remotely interact with the infected device and to act as a SOCKS5 proxy device on the router. This enables the actor to proxy C&C traffic through the router to obfuscate command and control from an additional agent elsewhere.

What is a Remote Access Trojan?

A Remote Access Trojan (RAT) is a type of malicious software that provides unauthorized access to a victim's computer or network. RATs are usually spread via phishing emails, social engineering tactics, or software exploits. Once installed, the attacker gains remote control over the compromised device and can perform various actions such as stealing sensitive data, modifying files, or installing additional malware. RATs can also be used to spy on the victim's activities, record keystrokes, take screenshots, and turn on the victim's camera and microphone. RATs are considered a severe threat to privacy and security, and users should take steps to prevent their installation, such as keeping their antivirus software up to date and avoiding suspicious email attachments or downloads.

By Zaib
March 7, 2023
Trojan
English
March 7, 2023
Trojan

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Trojan

RotaJakiro Trojan Targets Linux Systems

The RotaJakiro Trojan is a Linux-compatible piece of malware whose creators have paid extra attention to making their payload as difficult to analyze as possible. While many malware developers tend to pay attention to... Read more

April 29, 2021
Trojan

KEYSTEAL Trojan Targets Macs To Steal Data

KEYSTEAL is the name of a Trojan malicious application. As the name suggests, KEYSTEAL is developed to steal information contained in a Mac's Keychain password storage. Keychain is a proprietary Apple password... Read more

November 21, 2022
Trojan

Serpent Trojan Targets French Users and Institutions

The Serpent Backdoor Trojan is a piece of malware, which was recently observed attacking companies and institutions based in France. The criminals were approaching their victims through phishing emails, which were... Read more

March 22, 2022
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.