ObliqueRAT, Download an image to catch the virus

The Hacker They are constantly searching and discovering new techniques to hide their malware from antivirus and the latest discovery made by researchers Cisco-Talos They prove it: the new version of the virus is running ObliqueRAT It hides the dangerous code inside harmless images .bmp Offered on hacker-controlled websites.

ObliqueRAT is not a new virus: it was first spotted “Remote Access Trojan“It’s a year old. However, the technique of hiding it and making it invisible to virus scanners is new. This technique is called.”Steganography“And is inserting into the image file creation information, Small information This generates malicious code that affects the device. The human eye cannot tell the difference between the original image and the hidden information, so the user does not notice anything because the virus infects his computer. After all, not many people notice it Antivirus.

How ObliqueRAT works

Takes place via the spread of ObliqueRAT Hacked websites: Apparently they are harmless (and the site owner does not notice anything), but they are loaded with steganography-modified images.

L ‘Infection It starts when the user downloads the compromised Microsoft Office document on their computer, which is usually provided via Email in phishing. The document contains macros that download the file while it is running on the computer .bmp Infected.

This does not mean office file or adjoining .bmp, Are immediately identified as dangerous by security systems and then prevented. The first is that there is no real virus in it, the second is that it is well hidden because it is in it. The second variant of ObliqueRAT involves downloading a file .bmp In turn there is a file .zip.

Overall Versions of ObliqueRAT So far so good that Talos has found Quattro: The first was intercepted in April 2020, the fourth in November 2020.

Why ObliqueRAT is dangerous

ObliqueRAT is dangerous because it spreads in a purified way and because it is a rat, a Remote Access Trojan. RATs are designed to read as much information as possible about the affected device and send it to the remote control server.

This malware seems to be linked to a group activity Pakistani hackersIt mainly affects users from Southeast Asia. However, as has often happened in the past, computer viruses have very unstable borders and it is easy to export them to other countries. Therefore, there is no denying that ObliqueRAT may come soon Europe.