The MysterySnail RAT Targets IT Companies and Defense Contractors

The MysterySnail RAT is a newly documented piece of malware targeting Windows systems. It has been in use since at least August 2021, and its operators have been exploiting a zero-day vulnerability in Microsoft Windows, CVE-2021-40449, which Microsoft fixed in the October 2021 security updates. The operators also rely on older exploits that unpatched systems may still be exposed to, such as CVE-2016-3309, so applying the current updates matters even on systems that were not affected by the zero-day.

After the discovery of the MysterySnail RAT, researchers identified the same payload in earlier attacks that targeted IT companies, diplomatic entities, and contractors in the military and defense sectors. The recent use of the MysterySnail RAT has been tentatively attributed to the China-based Advanced Persistent Threat (APT) actor known as Iron Husky.

The MysterySnail RAT Uses Randomly Generated Code for Obfuscation

Malware developers usually try to keep their payloads as small as possible: a small file attracts less attention and can slip past security tools that deprioritize or skip large files. The MysterySnail RAT goes the other way; its executable is over 8 MB in size. The attackers use the extra space to store randomly generated code whose only purpose is to obscure the true, malicious nature of the executable, and this padding may be one reason the RAT was only now identified and properly dissected.
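As an added illustration (not code from the original article or from the researchers who analysed the sample), the following Python script shows the kind of triage check a defender can run on a suspiciously large executable: it parses the PE section table, computes the Shannon entropy of each section, and flags sections that both dominate the file size and look like random data. The sample image, the section names, and the size and entropy thresholds are constructed for the demonstration and are not indicators from the MysterySnail analysis.

```python
import math
import struct
from random import Random

# --- Constructed sample input (not a real MysterySnail sample) ---------------
# A tiny, low-entropy ".text" and a large ".rdata" filled with pseudo-random
# bytes, standing in for the junk that inflates the real binary.
SAMPLE_TEXT = b"\x48\x83\xec\x28" * 64          # 256 bytes, 4 distinct values
_rng = Random(7)                                 # fixed seed: reproducible junk
SAMPLE_JUNK = bytes(_rng.getrandbits(8) for _ in range(64 * 1024))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                 # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                     # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name,
            "virtual_size": vsize,
            "raw_size": raw_size,
            "share": round(raw_size / len(pe), 3),   # fraction of the whole file
            "entropy": round(shannon_entropy(raw), 2),
        })
    return sections


def triage(pe: bytes, min_share: float = 0.5, min_entropy: float = 6.0) -> list:
    """Names of sections that dominate the file size and look like random data.
    The thresholds are illustrative assumptions, not published indicators."""
    return [s["name"] for s in parse_sections(pe)
            if s["share"] >= min_share and s["entropy"] >= min_entropy]


def build_sample_pe(text: bytes, junk: bytes) -> bytes:
    """Constructed minimal PE32+ image: enough header for a section parser,
    not a loadable program."""
    header_len = 0x40 + 4 + 20 + 240 + 2 * 40    # DOS + sig + COFF + optional + 2 sections
    text_off, junk_off = header_len, header_len + len(text)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x22)  # x64, 2 sections
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic

    def section(name, vaddr, data, off, chars):
        return struct.pack("<8sIIIIIIHHI", name, len(data), vaddr,
                           len(data), off, 0, 0, 0, 0, chars)

    table = (section(b".text", 0x1000, text, text_off, 0x60000020)
             + section(b".rdata", 0x2000, junk, junk_off, 0x40000040))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + text + junk


if __name__ == "__main__":
    image = build_sample_pe(SAMPLE_TEXT, SAMPLE_JUNK)
    for s in parse_sections(image):
        print(f"{s['name']:<8} raw={s['raw_size']:>7} "
              f"share={s['share']:.3f} entropy={s['entropy']:.2f}")
    print("suspect padding:", triage(image))
```

Running the script prints the size share and entropy of each section and flags `.rdata` for the constructed image. Padding made of compiled junk code rather than raw random bytes will score lower than this sample, so the entropy threshold has to be tuned, and a hit should be treated as a prompt for manual review rather than a verdict.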

Once the MysterySnail RAT infects a machine, it gathers basic system information and sends it to the attacker's command-and-control server: the computer name, the user name, the exact Windows version, and the local IP address. The operators can then send remote commands to the implant, which supports the following tasks:

  • Start and terminate processes.
  • Enumerate drives, partitions, folders, and files.
  • Upload and execute files.
  • Modify the file system.
  • Sleep for a set period of time.
  • Open a proxy connection.

The discovery of the MysterySnail RAT and its infrastructure has helped malware researchers learn more about Iron Husky's current operations.

October 15, 2021