Your mouse may actually be a RAT in disguise

Status
Not open for further replies.

madyrocksin

New Member
Thread author
Jul 30, 2012
510
security_breach.png


Security researchers have discovered a Trojan that attaches its malicious code to routines normally used only to control the inputs from mouse clicks.
The tactic is designed to smuggle malicious code past automated threat analysis systems. During such procedures there's no user input and certainly no mouse moving and clicking. The malicious code is designed to remain inactive unless the mouse itself is in use, giving a fair chance that the RAT (remote access Trojan) will remain undetected.

The growing volume of malware means automated threat analysis systems are increasingly important. Only the more unusual analysis work gets passed on to human analysts. Even if the mouse-attached RAT gets caught out at this stage it still gains extra longevity. The development means that anti-virus firms will probably need to include a virtual mouse clicker and nudger in their automated analysis routines.
The sneaky mouse-hogging malware was detected by security researchers at Symantec. The security giant has also come across strains of malware that use "sleep mode" to evade dynamic analysis systems.
A detailed write-up of both (unnamed) threats can be found in a blog post Here
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top