New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Briefly

GodRAT is a newly identified remote access trojan targeting financial institutions, distributed as malicious screen saver files sent via Skype messenger. The malware uses steganography to conceal shellcode within image files, which allows it to download components from a command-and-control (C2) server. GodRAT is based on the publicly leaked Gh0st RAT and uses a plugin architecture to extend its functionality. It communicates over TCP, gathers system and antivirus details, and sends this information back to the C2 server for further instruction and deployment of secondary payloads.
Financial institutions are facing targeted attacks from a newly identified remote access trojan called GodRAT, which utilizes steganography to conceal malicious files.
GodRAT is based on Gh0st RAT and employs a plugin-based approach to harvest sensitive information and deliver additional payloads like AsyncRAT.
The attacks involve the distribution of malicious screen saver files disguised as financial documents via Skype messenger, detected in multiple countries since September 2024.
The malware establishes communication with a command-and-control server and collects system information and details of installed antivirus software to facilitate further malicious actions.
Read at The Hacker News