What is PowerShell RAT and How To Remove It
PowerShell RAT is the rather generic name for a newly discovered remote access trojan. The malicious tool can execute PowerShell commands that can compromise the target system.
The PowerShell RAT primarily targets German-speaking users who are looking up news related to the Russian invasion of Ukraine. The malicious file is titled "2022-Q2-Bedrohungslage-Ukraine". The name suggests that it contains information about the "threat situation" (Bedrohungslage) in Ukraine over the second quarter of the current year. The malware is delivered in the guise of a Windows Help (.chm) file, of all things.
There is at least one confirmed web page that distributed the PowerShell RAT. The malicious site is designed to mimic the official Baden-Württemberg state website.
Generally speaking, remote access trojans are dangerous malicious tools. A system compromised by a RAT allows the malware's operators to execute remote commands, scrape information from the target system and perform a number of malicious actions on it.
RAT functionality can include directory and file enumeration and exfiltration, system information scraping, executing remote commands and changing system security settings through PowerShell commands.
All of this makes RATs like the PowerShell RAT dangerous tools in a threat actor's arsenal.
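The following Python script is an added example, not code from this page or from the campaign it describes. It sketches how a defender could triage process-creation telemetry for the delivery chain and behaviours described above: a .chm file is rendered by hh.exe, the Windows HTML Help viewer, so a PowerShell process whose parent is hh.exe is the detection hook, and the RAT capabilities the text lists (file enumeration, system information scraping, changing security settings) are matched against the plain or decoded command line. hh.exe, Set-MpPreference and Add-MpPreference are real Windows components; every log record, command line and payload below is constructed for this example and is not an indicator from the campaign.

```python
"""
Added example: triage of JSON-lines process-creation events (Sysmon ProcessCreate-like
field names) for PowerShell launched from the HTML Help viewer, plus the RAT behaviours
described in the text. All records and command lines are CONSTRUCTED, not real telemetry.
"""
import base64
import json
import re

HELP_VIEWER = "hh.exe"                          # real: Windows HTML Help viewer for .chm files
POWERSHELL_HOSTS = {"powershell.exe", "pwsh.exe"}

# Behaviours the text attributes to the RAT, as regexes over the (decoded) command line.
# Labels are this example's own names, not campaign indicators.
BEHAVIOUR_PATTERNS = {
    "security-setting change": r"(Set|Add)-MpPreference\s+-(Disable|Exclusion)\w*",
    "file enumeration":        r"Get-ChildItem\b[^\n]*-Recurse",
    "system info scraping":    r"(Get-ComputerInfo|systeminfo)\b",
}

# Constructed payload, only here so that the encoded sample event has something to decode.
CONSTRUCTED_PAYLOAD = ("Set-MpPreference -DisableRealtimeMonitoring $true; "
                       "Get-ChildItem -Recurse $env:USERPROFILE\\Documents")
CONSTRUCTED_ENCODED = base64.b64encode(CONSTRUCTED_PAYLOAD.encode("utf-16-le")).decode("ascii")

# Constructed sample events: two benign, two matching the delivery chain above.
SAMPLE_LINES = [json.dumps(e) for e in [
    {"ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
    {"ParentImage": "C:\\Windows\\hh.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": f"powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand {CONSTRUCTED_ENCODED}"},
    {"ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -Command Get-Process"},
    {"ParentImage": "C:\\Windows\\hh.exe",
     "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -Command \"Get-ComputerInfo | Out-File info.txt\""},
]]


def basename_of(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str):
    """Return the script carried by -EncodedCommand/-enc/-ec/-e (base64 of UTF-16LE), else None."""
    m = re.search(r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", cmdline, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None                             # not valid base64/UTF-16: treat as opaque


def analyse_event(event: dict) -> list:
    """Return finding labels for one process-creation event (empty list if nothing matched)."""
    findings = []
    cmdline = event.get("CommandLine", "")
    if (basename_of(event.get("ParentImage", "")) == HELP_VIEWER
            and basename_of(event.get("Image", "")) in POWERSHELL_HOSTS):
        findings.append("powershell launched from .chm viewer")
    if re.search(r"-WindowStyle\s+Hidden", cmdline, re.IGNORECASE):
        findings.append("hidden window")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append("encoded command")
    visible = cmdline + "\n" + (decoded or "")   # inspect both the raw and the decoded text
    for label, pattern in BEHAVIOUR_PATTERNS.items():
        if re.search(pattern, visible, re.IGNORECASE):
            findings.append(label)
    return findings


def scan(lines) -> dict:
    """Map 1-based line number -> findings for every record that produced any."""
    hits = {}
    for n, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                            # skip malformed records rather than abort
        findings = analyse_event(event)
        if findings:
            hits[n] = findings
    return hits


if __name__ == "__main__":
    for n, findings in scan(SAMPLE_LINES).items():
        print(f"line {n}: {', '.join(findings)}")
```

The parent/child pairing (hh.exe spawning a PowerShell host) is the stable part of this chain and is worth an alert on its own; the behaviour patterns are only a starting point and should be extended with whatever a given environment considers abnormal for PowerShell started from a help viewer.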