

SpyAgent is a malicious program known to abuse legitimate Remote Access Tools (RATs) to gain access to and control over infected machines. Both legitimate remote access tools and malicious ones can allow close to user-level control over a device. SpyAgent has been actively proliferated via malicious cryptocurrency-themed websites.

SpyAgent can abuse the vulnerabilities of specific genuine Remote Access Tools (e.g., TeamViewer, Safib Assistant) to obtain the device's ID. It then sets the tool's password to a fixed one, so that only the ID is required to establish remote access and control.

This malware is also capable of causing chain infections. It has been observed injecting devices with various Remote Access Trojans and data-stealers, and the following have been confirmed: Remcos, NanoCore, njRat, AsyncRAT, RedLine, Ducky, Cypress, and AZORult.
