Xtreme RAT: A deep insight into the remote access trojan’s high profile attacks


The AchieVer

  • Its capabilities include uploading or downloading files, manipulating running processes and services, capturing screenshots of victims’ computers, recording audio and video via microphone or webcam, and interacting with the registry.
  • Its victims include financial organizations, telecom companies, gaming companies, the IT sector, the energy and utility sector, and more.

Xtreme RAT, which was developed by ‘xtremecoder’, is written in Delphi. The remote access trojan has been active since 2010. The source code of Xtreme RAT has been leaked online.

Its capabilities include uploading or downloading files, manipulating running processes and services, capturing screenshots of victims’ computers, recording audio and video via microphone or webcam, and interacting with the registry.

Xtreme RAT has infected several financial organizations, telecom companies, gaming companies, the IT sector, the energy and utility sector, and more.

Xtreme RAT attacks against Israel

  • In 2012, attackers used Xtreme RAT to target the Israeli and Palestinian governments.
  • In 2015, attackers gained unauthorized access to Israeli defense systems and compromised them using Xtreme RAT.

Molerats attacks

In 2014, Xtreme RAT was used to target US financial institutions and European government organizations. The targets of the spear-phishing campaign included Palestinian and Israeli surveillance organizations; government departments in Israel, Turkey, Slovenia, Macedonia, New Zealand, Latvia, the US, and the UK; the Office of the Quartet Representative; the British Broadcasting Corporation (BBC); a major U.S. financial institution; and multiple European government organizations.

W32.Extrat campaigns

In 2015, Colombian financial employees were targeted with multiple phishing email campaigns delivering Xtreme RAT. The four attack teams Caramel, Cuent, Maga, and Molotos targeted Colombian financial employees with phishing emails disguised as payment- and tax-related emails that included the W32.Extrat attachments.

Malspam campaign

In 2017, researchers observed a malspam campaign delivering Xtreme RAT. The malspam campaign targeted Spanish-speaking users. The phishing emails sent to the targets lured them into executing the malicious macro.

In a recent report, researchers analyzed Xtreme RAT and stated that the victim organizations include a European video game company; Middle Eastern, South Asian, and East Asian telecommunications companies; an East Asian industrial conglomerate; and an East Asian IT company.
Where are they from?

Are they from a rogue state (China, Russia or North Korea)/independent team of an intelligence agency?
