2025-01-16 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 05/31 Report
This article explains what HeroRAT is, for readers who are not yet familiar with it.
ESET's malware experts recently discovered a new Android RAT (remote access trojan), dubbed HeroRat, that abuses the Telegram protocol for remote command and control and data extraction.
HeroRat is not the first malware to abuse Telegram; similar malware such as TeleRAT and IRRAT appeared earlier.
HeroRat has been circulating around the world since August 2017. In March 2018 its source code was released in Telegram hacking channels, where it is freely available to anyone, which means cybercriminals can develop variants to suit their needs.
HeroRat was the first Telegram-based malware to use the Xamarin framework: it is developed entirely in C# and uses the Telesharp library to create Telegram bots, whereas the other Telegram-based malware was written in Java.
According to an analysis published by ESET: "Although the original code is open source, the RAT is still available on a specific Telegram channel, and there are three price models to choose from. It should be noted that we are not sure whether this RAT is based on the leaked source code or whether it is the leaked source code itself."
According to the researchers, HeroRat currently spreads mainly by masquerading as social media and instant messaging apps in third-party app stores. The most affected region is Iran, where the malware lures users into installing it by claiming to offer free bitcoin, free online resources and social media followers.
ESET observed an unusual behavior while analyzing HeroRat: after it is installed and run on the target device, it displays a small pop-up window informing the user that the application cannot run on the device, so many users choose to uninstall it right away. After the uninstall, the app icon disappears and many users assume the uninstall succeeded, but by then the attacker has already obtained remote control of the target device.
Attackers can use Telegram bots to take control of infected devices and execute numerous commands, such as data extraction and audio/video recording.
"The malware has a variety of spy tools and data extraction capabilities, including intercepting and sending SMS messages, making phone calls, extracting contacts, audio/video recordings, screenshots, obtaining device geolocation, and controlling device settings," the analysis said.
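For defenders, the bot-based control channel described above can be hunted in web proxy logs. The following is an added example, not code from ESET or from the article: it flags devices that both poll a Telegram bot for commands and upload data through it. It assumes the bot traffic uses Telegram's HTTPS Bot API, that the proxy inspects TLS so full URLs are logged, and a constructed five-field log format with constructed addresses and tokens.

```python
import re
from collections import defaultdict

# Documented Bot API URL shape: https://api.telegram.org/bot<id>:<secret>/<method>
BOT_CALL = re.compile(r"https://api\.telegram\.org/bot(\d+):[\w-]+/(\w+)")
POLL = {"getUpdates"}  # the client is waiting for operator commands
UPLOAD = {"sendDocument", "sendPhoto", "sendAudio", "sendVideo",
          "sendVoice", "sendLocation", "sendContact"}  # data leaving the device

# Constructed sample log: "<time> <source> <http-method> <url> <bytes-sent>"
SAMPLE_LOG = """\
2018-06-18T10:00:01 10.0.5.21 GET https://api.telegram.org/bot111111111:AAExampleTokenOnly-000/getUpdates 0
2018-06-18T10:00:09 10.0.5.21 POST https://api.telegram.org/bot111111111:AAExampleTokenOnly-000/sendDocument 48211
2018-06-18T10:00:30 10.0.5.21 POST https://api.telegram.org/bot111111111:AAExampleTokenOnly-000/sendLocation 96
2018-06-18T10:01:02 10.0.5.40 POST https://api.telegram.org/bot222222222:AAExampleTokenOnly-111/sendMessage 120
2018-06-18T10:01:05 10.0.5.33 GET https://web.telegram.org/ 0
"""

def summarize(log_text):
    """Return {(source, bot_id): counters} for every Bot API call in the log."""
    stats = defaultdict(lambda: {"polls": 0, "uploads": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _, source, _, url, sent = fields
        match = BOT_CALL.match(url)
        if not match:
            continue  # ordinary traffic, including the Telegram web client
        bot_id, api_method = match.groups()  # keep the numeric id, never the secret
        entry = stats[(source, bot_id)]
        if api_method in POLL:
            entry["polls"] += 1
        elif api_method in UPLOAD:
            entry["uploads"] += 1
            entry["bytes_out"] += int(sent)
    return dict(stats)

def suspicious(log_text):
    """Sources that both poll a bot for commands and upload through it."""
    return sorted(key for key, s in summarize(log_text).items()
                  if s["polls"] and s["uploads"])

if __name__ == "__main__":
    totals = summarize(SAMPLE_LOG)
    for source, bot_id in suspicious(SAMPLE_LOG):
        print(f"{source} behaves as Telegram bot {bot_id}: {totals[(source, bot_id)]}")
```

Ordinary Telegram clients do not call the Bot API, so a phone or workstation that issues `getUpdates` is itself acting as a bot and is worth triage even before any upload is seen.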