Modular Remote Access Trojan Uses Sophisticated Techniques to Avoid Detection

September 11, 2018

Source: IBM Security - August 10, 2018 @ 10:21 AM

Security researchers have discovered a new modular remote access Trojan (RAT) nicknamed Parasite HTTP, which uses sophisticated techniques to avoid detection.

In July 2018, Proofpoint observed the modular RAT being offered for sale on underground web markets. The researchers monitored an email attack campaign that used human resources (HR) distribution lists to trick recipients into opening what appeared to be Microsoft Word summaries and resumes. The attachments contained malicious macros that, if enabled, downloaded the RAT from a remote site.

Parasite HTTP employs a series of evasive techniques, including using a sleep routine to check for sandboxes and delay execution, and skipping the allocation of critical buffers so that execution fails if a sandbox is detected.

What is driving the evasive malware outbreak?

The Parasite HTTP RAT is just one of many threats fueling an outbreak of evasive malware. According to Minerva Labs, 86% of exploit kits and 85% of malicious payloads detected in 2017 employed evasive techniques, including memory injection (48%), malicious document files (28%) and environment testing (24%).

How to Defend Against an Evasive Remote Access Trojan

Evasive malware samples pose a significant threat to organizations because they can slip past many traditional security solutions. To help defend corporate networks against these threats, experts at IBM Security recommend keeping antivirus solutions up to date, scanning the environment for known indicators of compromise (IoCs) and keeping applications and operating systems at the latest publicly released patch level.

Security experts also advise security teams to use phishing intelligence to combat the spread of advanced threats such as Parasite HTTP and other evasive malware.

About [SAFEWAY]

[SAFEWAY] is a company widely recognized as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on the following platforms:

  • Archer from RSA Security, considered by Gartner and Forrester, and by the market itself, to be the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;
  • [SAFEWAY] Security Tower, supported by IBM QRadar (Watson technology), tailored to each organization's security and cyber defense management needs;
  • And others, involving technologies from Imperva, Thales, BeyondTrust and WatchGuard Technologies.
