VileRAT Malware Used to Target Crypto Trading Companies

VileRAT is the name of a piece of multi-functional malware that was used to target a number of entities located in European and Middle-Eastern countries over the course of the last 12 months.

VileRAT was responsible for attacks primarily on foreign exchange and cryptocurrency trading entities and organizations. The malware is linked to the threat actor known by the alias of DeathStalker.

VileRAT uses an infection chain that commonly starts with a malicious Office file. The infection relies on malicious macros loaded from a remote DOTM template.

The next step of the chain involves the VileDropper component of the malware, which relies on obfuscated JavaScript code used to deliver the VileLoader module. Ultimately, VileLoader is responsible for downloading and executing the final VileRAT payload.

VileRAT itself has a very versatile toolkit at its disposal. It can execute arbitrary commands, log keystrokes, establish persistence through scheduled tasks, list anti-malware software installed on the victim system and update itself from its command and control servers, as well as delete files.

VileRAT has been used in attacks on targets located in several European countries, including Russia, as well as against targets in Kuwait and the United Arab Emirates.

August 16, 2022