Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
The open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts.

"This technique capitalizes on the inherent trust these files command within the Windows environment," Uptycs researchers Tejaswini Sandapolla and Karthickkumar Kathiresan said in a report published last week, detailing the malware's reliance on ctfmon.exe and calc.exe as part of the attack chain.

Also known by the names CinaRAT or Yggdrasil, Quasar RAT is a C#-based remote administration tool capable of gathering system information, a list of running applications, files, keystrokes, screenshots, and executing arbitrary shell commands.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top