AllaKore RAT

Malware updated 4 days ago (2024-11-29T14:51:37.082Z)
The AllaKore Remote Access Trojan (RAT) is a dangerous form of malware known for its ability to steal system information, record keystrokes, take screenshots, upload and download files, and remotely access the victim's machine. This RAT has been used in multiple campaigns by threat actors, including the Pakistan-linked group known as SideCopy. One of the most notable features of the newer iterations of AllaKore RAT is their complex installation process, which verifies Mexico as the victim's location before execution. The malware is typically delivered through suspicious downloads, emails, or websites, and once inside a system, it can disrupt operations, steal personal data, or even hold data hostage for ransom.

In recent months, SideCopy has exploited a security vulnerability in WinRAR (CVE-2023-38831) to deliver various remote access trojans, including AllaKore RAT, Ares RAT, and DRat, specifically targeting Indian government entities. The threat actor's arsenal also includes other RATs such as Action RAT, Reverse RAT, and Margulas RAT, among others. The final payload, DRat, connects with the IP 38.242.149[.]89 for Command and Control (C2) communication, which is also used with the AllaKore RAT. Last month, cybersecurity firm SEQRITE detailed multiple campaigns undertaken by SideCopy, highlighting the group's use of numerous trojans like AllaKore RAT, Ares RAT, and DRat. The payload present in these campaigns is often the AllaKore RAT agent, which sends commands and uploads stolen data to the C2.

As the threat landscape continues to evolve, it is crucial for organizations and individuals to remain vigilant and adopt robust security measures to protect against such sophisticated cyber threats.
Description last updated: 2024-05-05T04:58:05.211Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the AllaKore RAT malware was read from the documents corpus below.