How to Remove the TSCookieRAT

The TSCookieRAT is a malicious piece of software whose first involvement in a large-scale attack campaign was in 2018. The malware is designed to infect systems running the Windows operating system, and it is believed to be developed and used by an Advanced Persistent Threat (APT) actor tracked under the alias BlackTech. The TSCookieRAT's previous campaigns focused on Japanese entities. Victims were approached via fraudulent emails that carried a malicious attachment. The messages were crafted to look as if they had been sent by reputable entities such as the Japanese Ministry of Culture, Education, Sports, and Science and Technology.

The best way to stop malware like the TSCookieRAT is to keep computers protected by a trustworthy anti-malware application. Systems without sufficient protection may be infected by the TSCookieRAT silently, and their owners might have no idea that a Remote Access Trojan (RAT) is active on their device. While the TSCookieRAT is running, it communicates with a remote command-and-control server to transmit information about the compromised device and to receive commands from the attackers.

TSCookieRAT's capabilities enable its operators to execute remote commands, request information about the hard drive and system configuration, work with the file system, and steal data from Web browsers such as Firefox, Chrome, Internet Explorer, and Edge. It can also obtain passwords and email archives from the Microsoft Outlook email client.

The 2018 campaign was not the last time this malware family was used. The TSCookieRAT is still active in 2021, and malware researchers have recovered samples that are compatible with the Linux operating system. Apparently, the BlackTech APT criminals are expanding their reach by crafting malware that runs on multiple operating systems. As mentioned earlier, the best way to stop advanced malware like this is to invest in reputable antivirus software.

April 16, 2021