Shady Rat
Posted: April 11, 2014
Threat Metric
The fields listed on the Threat Meter, each of which contains a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 1/10 |
|---|---|
| Infected PCs: | 56 |
| First Seen: | April 11, 2014 |
| Last Seen: | February 13, 2021 |
| OS(es) Affected: | Windows |
The Shady Rat is a Remote Access Tool, or RAT, that grants third parties control over the compromised computer, including the ability to send commands, change system settings, delete files or collect information. The Shady Rat is closely connected to a supporting PC threat, Trojan.Downbot, and boasts a campaign that has been called one of the most widespread acts of cyber aggression in the history of threats. Malware researchers confirmed that e-mail is the predominant channel for spreading the Shady Rat, and anti-malware tools should be used immediately on any computer suspected of being compromised to delete the Shady Rat and related PC threats.
The Trojan that Hides in the Shadow of Art
RATs and backdoor Trojans often have a limited but highly invasive set of functions, most of which are designed around allowing evil-minded persons to control your PC by sending instructions to the associated threats. The Shady Rat exemplifies how otherwise simple RATs may be used to great effect, and has been responsible for compromising business and government computers around the world. Ironically, the data on these compromises was gathered by the Shady Rat itself, which uploaded it to an inadequately secured server, enabling PC security experts to peruse the database.
Many attacks against corporate and government PC users start with e-mail spam, and malware researchers verified that the Shady Rat also uses this method to distribute itself. These messages include the installer for the Shady Rat as a file attachment, which frequently is a Microsoft Excel file or Word document. With its installation out of the way, the Shady Rat uses an unorthodox but effective method to conceal its communications with the Command & Control server: steganography. The Shady Rat conceals unsafe code inside of seemingly safe image files, which malware researchers warn makes its threatening behavior particularly difficult to detect, even by otherwise competent anti-malware solutions.
The Shady Rat is not the only threat to use this technique, which remains limited in use to a small number of particularly advanced PC threats, such as Alureon and some variants of the banking Trojan Zeus. All of these PC threats include broad functions for compromising a PC, collecting information and installing other threats.
The Dangers of a Computer Overshadowed by the Shady Rat
The Shady Rat may not provide any brilliantly new functions, but what features the Shady Rat does possess are more than ample for allowing cybercrooks to compromise entire corporate networks. Central attacks by the Shady Rat include:
- Enabling a hibernation mode that temporarily terminates the Shady Rat, which may be used to evade anti-malware tools.
- Opening connections to specified servers through any specified port.
- Enabling a remote shell that allows other persons to run arbitrary commands on your PC as if it were their own machine. The Shady Rat also may transmit the results of any commands executed.
- The Shady Rat may upload files arbitrarily, allowing the Shady Rat to collect information.
Even if none of these functions are adequate for compromising a PC fully, the Shady Rat also may install other threats, enabling secondary PC threats to cover over any limitations in its attacks.
Using general anti-malware procedures for removing the Shady Rat and all related threats should be an urgent priority for any compromised PC's user. Needless to say, malware researchers also emphasize safe interactions with suspicious e-mail files, which continue to be one of the primary sources of attacks against government agencies and companies using otherwise secure networks.