A RAT that spies on computers

Note4students

Mains paper 3: Internal Security| Basics of cyber security

From UPSC perspective following things are important:

Prelims level: Gravity-RAT, CERT-In

Mains level: Rising incidents of malwares causing hacking of govt websites and ways to deal with them


News

A Malware designed by Pakistani hackers

  1. GravityRAT infiltrates a system in the form of an innocuous-looking email attachment, which can be in any format, including MS Word, MS Excel, MS PowerPoint, Adobe Acrobat or even audio and video files
  2. The ‘RAT’ in its name stands for Remote Access Trojan, which is a program capable of being controlled remotely and thus difficult to trace
  3. The hackers first identify the interests of their targets and then send emails with suitable attachments
    The RAT was first detected by Indian Computer Emergency Response Team (CERT-In), on various computers in 2017.

Features of RAT (Remote Access Trojan)

  1. It is designed to infiltrate computers and steal the data of users and relay the stolen data to Command and Control centers in other countries.
  2. The latest update to the program by its developers is part of GravityRAT’s function as an Advanced Persistent Threat (APT), which, once it infiltrates a system, silently evolves and does long-term damage.
  3. It lies hidden in the system that it takes over and keeps penetrating deeper
  4. According to latest inputs, GravityRAT has now become self-aware and is capable of evading several commonly used malware detection techniques.

Why is RAT so dangerous?

  1. The sandboxing technique is used to isolate malware from critical programs on infected devices and provide an extra layer of security.
  2. The problem, however, is that malware needs to be detected before it can be sandboxed, and GravityRAT now has the ability to mask its presence
  3. Typically, malware activity is detected by the ‘noise’ it causes inside the Central Processing Unit, but GravityRAT is able to work silently
  4. It can also gauge the temperature of the CPU and ascertain if the device is carrying out high-intensity activity, like a malware search, and act to evade detection

Problem with the data leaked

  1. The other concern is that the Command and Control servers are based in several countries
  2. The data is sent in an encrypted format, making it difficult to detect exactly what is leaked
Cyber Security – CERTs, Policy, etc
  • Subscribe

    Do not miss important study material

Leave a Reply

Please Login to comment
  Subscribe  
Notify of