
New GodRAT Trojan Targets Financial Trading Firms via Skype
A new cyber threat has emerged targeting financial institutions, specifically trading and brokerage firms. Dubbed GodRAT, this Remote Access Trojan (RAT) is distributed via Skype Messenger, disguised as financial documents in the form of malicious .SCR (screensaver) files, according to an analysis by Kaspersky researcher Saurabh Sharma.
Technical details reveal the use of steganography to conceal the malicious payload, coupled with code derived from the infamous Gh0st RAT. Gh0st RAT is notorious for its use in advanced persistent threat (APT) campaigns, often attributed to state-sponsored actors. The use of steganography indicates a sophisticated attack vector designed to evade traditional security measures.
The choice of Skype Messenger as the distribution channel suggests a targeted approach, likely leveraging social engineering tactics to trick employees into executing the malicious files. The use of .SCR files is notable: screensaver files are themselves executable, yet they are less commonly scrutinized than typical executable files, potentially bypassing some security controls.
For cybersecurity professionals, this campaign underscores the importance of monitoring less common file types and securing communication platforms. The emergence of GodRAT, potentially linked to Gh0st RAT, signals a continued evolution in malware tactics, with attackers refining their techniques to maintain persistence and evade detection.
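The file-type monitoring recommended above can be sketched as a triage check over files received through a messenger. This is an added example, not code from the Kaspersky analysis; the extension lists, reason labels, function names and sample file names are assumptions constructed for illustration.

```python
from pathlib import Path, PurePath

# Extensions Windows runs as programs (assumed list; .scr is the one reported).
RUNNABLE_EXTS = {".scr", ".exe", ".pif", ".com"}
# Document extensions a lure name may imitate (assumed list).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".csv", ".txt"}
PE_MAGIC = b"MZ"  # first two bytes of a Windows PE file


def triage(name, head):
    """Return the reasons a received file deserves review (empty list: none)."""
    # Normalise case and stray whitespace around each extension.
    suffixes = [s.strip().lower() for s in PurePath(name.strip()).suffixes]
    last = suffixes[-1] if suffixes else ""
    reasons = []
    if last == ".scr":
        reasons.append("screensaver-executable")
    if last in RUNNABLE_EXTS and any(s in DOC_EXTS for s in suffixes[:-1]):
        reasons.append("double-extension")
    if head.startswith(PE_MAGIC) and last not in RUNNABLE_EXTS:
        reasons.append("pe-content-under-non-executable-name")
    return reasons


def scan(folder):
    """Triage every regular file under a folder, e.g. a messenger download directory."""
    findings = {}
    for path in Path(folder).rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:
                reasons = triage(path.name, fh.read(len(PE_MAGIC)))
            if reasons:
                findings[path.name] = reasons
    return findings


# Constructed samples (name, leading bytes); not indicators from the campaign.
SAMPLES = [
    ("Q3_trade_statement.pdf.scr", b"MZ\x90\x00"),
    ("portfolio.scr", b"MZ\x90\x00"),
    ("client_list.xlsx", b"MZ\x90\x00"),
    ("fees.pdf", b"%PDF-1.7"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name}: {triage(name, head) or 'no findings'}")
```

The check reads only the file name and the first two bytes, so it can run on every received file; a finding is a prompt for review, not a verdict.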
The targeting of financial trading firms highlights the ongoing threat to the financial sector, where attackers seek access to sensitive financial data or trading algorithms, or aim at direct financial theft. Organizations in this sector should enhance their security posture, focusing on employee awareness, robust endpoint protection, and network monitoring to detect and mitigate such threats.
The GodRAT campaign is a sophisticated threat that combines social engineering, steganography, and a potentially modified version of a well-known RAT. Cybersecurity professionals should take note of the tactics and techniques used in this campaign and ensure that their defenses are prepared to detect and mitigate such threats.