What is the new FatalRAT remote access Trojan found on Telegram?
AT&T Alien Labs has published a report on the new virus program FatalRAT, which recently began spreading via Telegram.
A new, especially dangerous virus has been discovered on Telegram: the FatalRAT remote access Trojan, which allows hackers to attack a computer or smartphone and control it remotely.
What is known about FatalRAT?
Malicious software called FatalRAT is launched remotely. Once inside the system, the Trojan records keystrokes, collects information about the operating system, and transmits all data to hackers over an encrypted channel. It can also remove user information from specific web browsers – Firefox, Chrome, Edge, QQBrowser, 360Secure Browser, and SogouBrowser.
Before completely infecting the system, FatalRAT tries to count the number of physical processes and determine the available disk space. In addition, the Trojan completely disables the ability to use the CTRL + ALT + DELETE command. After that, the virus launches a keylogger (from the English "key" and "logger", a recording device): software or a hardware device that records user actions such as keystrokes on the computer keyboard.
Then FatalRAT tries to determine which anti-virus programs are running on the attacked system. In parallel with this process, the Trojan pulls information from browsers.
How does a Trojan get into gadgets?
The main way the virus spreads is through fake links to articles in the media and to various programs and games. According to cybersecurity experts from AT&T, the virus is capable of collecting system information and extracting data.
What is the danger of the new virus?
FatalRAT is not easy to detect, but its main danger is that the Trojan collects all system information and extracts any information from the infected device. At the same time, the virus can independently change the settings of computers and phones and manage external connections and web browsers. FatalRAT can also steal users' confidential and personal data, as well as spread over the victim's network using brute force (breaking into accounts by brute-forcing their passwords).
Why does the virus attack Telegram?
The main reason cybercriminals use Telegram is that the application is not blocked by network management tools or antivirus software. In addition, the messenger allows attackers to remain anonymous, since all they need to register is a phone number.
How can you prevent a FatalRAT attack?
A good antivirus program is required to detect the Trojan, as the malicious software is installed under a random name and may look like any other regular application.
If you are not using remote administration tools, you should:
What to do after a FatalRAT attack?
The first thing to do is to disconnect the system from the network and change all your passwords and other confidential information. You also need to check bank accounts for fraudulent transactions and report the attack to the bank. After that, you need to scan the gadget for problems and seek professional help to remove the malicious software.