TigerRAT - a Lazarus Group Tool
TigerRAT is a new malicious tool that researchers believe is linked to the advanced persistent threat actor known as Lazarus Group.
Lazarus Group is a threat actor believed to be composed of North Korean individuals, sponsored and backed by the country's government.
TigerRAT is a multi-functional remote access trojan that works in tandem with MagicRAT, another malicious tool used by the Lazarus Group. MagicRAT has less functionality than TigerRAT but is used as an initial infiltration tool: it downloads and deploys TigerRAT on infected systems.
TigerRAT has a wider range of malicious capabilities than MagicRAT, including collecting device information such as the OS version and device name, among others. The tool can also manipulate files on the targeted system, including all common file operations such as copying, deleting, renaming and moving files, as well as downloading files.
TigerRAT can also record keystrokes and capture screenshots of the infected system. The analysis of the malware shows that its developers are also trying to implement screen video recording, but that module is not fully functional yet.