RAT Hides as Windows® and Yahoo!® Messenger
17 January 2013
Download the full research paper: FAKEM RAT: Malware Disguised as Windows® Messenger and Yahoo!® Messenger
Attackers often use remote access Trojans (RATs), which typically have graphical user interfaces (GUIs) and remote desktop features that include directory browsing, file transfer, and the ability to take screenshots and activate the microphone and web camera of a compromised computer. They commonly rely on publicly available RATs like Gh0st, PoisonIvy, Hupigon, and DRAT, and on “closed-released” RATs like MFC Hunter and PlugX. The network traffic these RATs produce is easily detectable, yet attackers still use them successfully.
Attackers always look for ways to blend their malicious traffic with legitimate traffic to avoid detection. We found a family of RATs that we call “FAKEM” that make their network traffic look like various protocols. Some variants attempt to disguise network traffic to look like Windows® Messenger and Yahoo!® Messenger traffic. Another variant tries to make the content of its traffic look like HTML. While the disguises the RATs use are simple and distinguishable from legitimate traffic, they may be just good enough to avoid further scrutiny.
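One way a defender can tell a Yahoo!® Messenger disguise from the real protocol is to parse the first packet instead of trusting its leading bytes. The following is an added example, not code from the research paper or from Trend Micro. It assumes the 20-byte YMSG header layout and the `0xC0 0x80` field separator used by the open-source libyahoo2 client, and both samples are constructed; that a FAKEM sample has the shape of `MASQUERADE` is an assumption, not a detail taken from this page.

```python
import struct

# YMSG header as laid out in the open-source libyahoo2 client (20 bytes, big-endian):
# magic, version, vendor id, body length, service, status, session id.
YMSG_HDR = struct.Struct(">4sHHHHII")
SEP = b"\xc0\x80"  # separator between keys and values in a YMSG body


def check_ymsg(stream: bytes) -> list:
    """Return the reasons the first packet is not well-formed YMSG ([] = conforms)."""
    if len(stream) < YMSG_HDR.size:
        return ["shorter than the 20-byte header"]
    magic, _ver, _vendor, length, _svc, _status, _session = YMSG_HDR.unpack_from(stream)
    if magic != b"YMSG":
        return ["magic is not YMSG"]
    problems = []
    body = stream[YMSG_HDR.size:YMSG_HDR.size + length]
    if len(body) < length:
        problems.append("declared length exceeds captured bytes")
    if body:
        parts = body.split(SEP)
        # n pairs of key SEP value SEP split into 2n items plus one empty tail.
        if parts[-1] != b"" or len(parts) % 2 == 0:
            problems.append("body is not key/value pairs")
        elif not all(key.isdigit() for key in parts[:-1:2]):
            problems.append("non-numeric key")
    return problems


def build_packet(fields, service=0x57, version=16):
    """Constructed test input: a structurally valid YMSG packet."""
    body = b"".join(str(k).encode() + SEP + v + SEP for k, v in fields)
    return YMSG_HDR.pack(b"YMSG", version, 0, len(body), service, 0, 0) + body


# Constructed samples, not captured traffic.
CONFORMANT = build_packet([(1, b"alice"), (0, b"alice")])
# Assumed shape of a masquerade: the magic followed by opaque bytes.
MASQUERADE = b"YMSG" + bytes((i * 37 + 11) % 256 for i in range(60))

if __name__ == "__main__":
    for name, data in (("conformant", CONFORMANT), ("masquerade", MASQUERADE)):
        print(name, check_ymsg(data) or "ok")
```

A stream that a port or magic-byte rule labels as Yahoo!® Messenger but that fails this parse is worth a closer look, which is the "further scrutiny" the simple disguise is meant to avoid.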