Threat actors are utilizing a previously unseen JavaScript malware named RATDispenser that acts as a loader to distribute remote access Trojans (RATs) and information stealers. This new and elusive malware has been discovered to deploy at least eight different malware families in 2021. HP Threat Research has discovered 155 samples of this malware spread across three different variants, indicating that the malware is under active development.
RATDispenser gains an initial foothold on the system before launching secondary malware that establishes control over the compromised device, security researcher Patrick Schläpfer said. The malware is capable of stealing sensitive information and giving the attackers control over the victim's device. The starting point of the infection is a phishing email containing a malicious attachment, which appears to be a text file but is actually obfuscated JavaScript code. This code writes and executes a VBScript file, which in turn downloads the final-stage malware payload onto the infected machine.
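A mail-gateway triage check for the delivery step described above, as an added example that is not code from this article or from HP Threat Research. It assumes the "text file" disguise takes the form of a decoy extension in front of a script extension; the extension lists, function names and the sample message are all constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists (not from the article); tune them for your environment.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def classify_attachment(filename):
    """Return 'disguised-script', 'script' or None for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    # Strip each suffix so padding such as "a.txt   .js" does not hide the decoy.
    suffixes = [s.strip() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "disguised-script"
    return "script"


def triage_message(raw_bytes):
    """List (filename, verdict) for every script attachment in a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        verdict = classify_attachment(part.get_filename() or "")
        if verdict:
            findings.append((part.get_filename(), verdict))
    return findings


def build_sample():
    """Constructed message: subject, names and content are made up."""
    msg = EmailMessage()
    msg["Subject"] = "Order details"
    msg.set_content("See attached.")
    for name in ("order_details.txt.js", "notes.txt", "logo.png"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in triage_message(build_sample()):
        print(f"{verdict}: {name}")
```

A "disguised-script" verdict is a strong signal for quarantine; a plain "script" verdict is usually worth blocking as well, since script attachments are rarely legitimate in email.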
RATDispenser has been observed dropping different kinds of malware, including STRRAT, WSHRAT (also known as Houdini or Hworm), AdWind (also known as AlienSpy or Sockrat), Formbook (also known as Loader), Remcos (also known as Socmer), Panda Stealer, CloudEyE (also known as GuLoader), and Ratty. These malware families are capable of siphoning sensitive data from compromised devices and targeting cryptocurrency wallets.
The presence of different malware families and the preference of malware operators to drop their payloads suggest that the authors of RATDispenser may be operating under a malware-as-a-service business model. This is a concerning development as it means that even inexperienced attackers can access sophisticated tools to carry out successful cyberattacks.
In conclusion, RATDispenser is a threat to sensitive data, and it is crucial to be aware of this new strain of malware. To protect against RATDispenser and similar threats, it is recommended to follow best practices for cyber security, such as keeping software up-to-date, using strong and unique passwords, avoiding suspicious emails and attachments, and using antivirus software.