Xtreme RAT: A deep insight into the remote access trojan’s high profile attacks

  • Its capabilities include uploading or downloading files, manipulating running processes and services, capturing screenshots of victims’ computers, recording audio and video via the microphone or webcam, and interacting with the registry.
  • Its victims include financial organizations, telecom companies, gaming companies, the IT sector, the energy and utility sector, and more.

Xtreme RAT, developed by ‘xtremecoder’, is written in Delphi. The remote access trojan has been active since 2010, and its source code has been leaked online.

Its capabilities include uploading or downloading files, manipulating running processes and services, capturing screenshots of victims’ computers, recording audio and video via the microphone or webcam, and interacting with the registry.

Xtreme RAT has infected several financial organizations, telecom companies, gaming companies, the IT sector, the energy and utility sector, and more.

Xtreme RAT attacks against Israel

  • In 2012, attackers used Xtreme RAT to target Israeli and Palestinian governments.
  • In 2015, attackers gained unauthorized access to Israeli defense systems and compromised them using Xtreme RAT.

Molerats attacks

In 2014, Xtreme RAT was used to target US financial institutions and European government organizations. The targets of the spear-phishing campaign included Palestinian and Israeli surveillance organizations; government departments in Israel, Turkey, Slovenia, Macedonia, New Zealand, Latvia, the US, and the UK; the Office of the Quartet Representative; the British Broadcasting Corporation (BBC); a major U.S. financial institution; and multiple European government organizations.

W32.Extrat campaigns

In 2015, Colombian financial employees were targeted with multiple phishing email campaigns delivering Xtreme RAT. Four attack teams, Caramel, Cuent, Maga, and Molotos, targeted Colombian financial employees with phishing emails disguised as payment and tax-related notices that carried the W32.Extrat attachments.

Malspam campaign

In 2017, researchers observed a malspam campaign delivering Xtreme RAT. The campaign targeted Spanish-speaking users, and the phishing emails lured recipients into executing a malicious macro.

In a recent report, researchers analyzed Xtreme RAT and stated that the victim organizations include a European video game company, Middle Eastern, South Asian, and East Asian telecommunications companies, an East Asian industrial conglomerate, and an East Asian IT company.

Cyware Publisher