AsyncRAT

Malware updated a month ago (2024-10-14T18:00:56.438Z)

Download STIX

Preview STIX

AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, ranking 10th on the most prevalent malware list. The malware was spread using another malware called SocGholish and after loading an executable, AsyncRAT unpacks in memory. The distribution of AsyncRAT was facilitated by a script developed using artificial intelligence (AI). Threat actors likely used AI to develop this script, which was then used to modify the Registry, drop a JavaScript file executed as a scheduled task, and create a PowerShell script that triggers the AsyncRAT payload. Upon decryption, the attachment imitates a website but contains VBScript that acts as a dropper for the AsyncRAT infostealer. This campaign, discovered by researchers from HP Wolf Security, utilized both VBScript and JavaScript code to distribute AsyncRAT. The VBScript and JavaScript code were generated by generative artificial intelligence services, as per the evidence found by HP researchers. The structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables strongly indicate that GenAI was used to create the malware. Furthermore, this version of AsyncRAT included an infostealer plugin designed to exfiltrate data from popular web browsers like Chrome and Firefox, as well as cryptocurrency wallet extensions such as MetaMask and Coinbase.

Description last updated: 2024-10-14T17:15:35.214Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Rat

Payload

Remcos

Loader

Trojan

Phishing

Source

Windows

Infostealer

Exploit

JavaScript

Downloader

PowerShell

Crypter

Antivirus

Github

Chrome

Scheduled Task

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The njRAT Malware is associated with AsyncRAT. NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, d	Unspecified	4
The Lockbit Malware is associated with AsyncRAT. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit	Unspecified	2
The Agenttesla Malware is associated with AsyncRAT. AgentTesla is a well-known Remote Access Trojan (RAT) and infostealer malware that has been used in numerous cyber-attacks. It is often delivered through malicious emails or downloads, and once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for rans	Unspecified	2
The Xworm Malware is associated with AsyncRAT. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati	Unspecified	2
The NETWIRE Malware is associated with AsyncRAT. NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at	Unspecified	2
The Fakeupdates Malware is associated with AsyncRAT. FakeUpdates, a malicious software (malware), has become increasingly prevalent in recent years. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, and can disrupt operations, steal personal information, or hold data hostage for ransom. In 2022, a	Unspecified	2
The Socgholish Malware is associated with AsyncRAT. SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof	Unspecified	2
The DarkComet Malware is associated with AsyncRAT. DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es	Unspecified	2
The Targetcompany Malware is associated with AsyncRAT. TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, o	Unspecified	2

Source Document References

Information about the AsyncRAT Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Checkpoint	a month ago	14th October – Threat Intelligence Report - Check Point Research
DARKReading	2 months ago	GenAI Writes Malicious Code to Spread AsyncRAT
Securityaffairs	2 months ago	A generative artificial intelligence malware used in phishing attacks
InfoSecurity-magazine	2 months ago	Threat Actors Shift to JavaScript-Based Phishing Attacks
Contagio	3 months ago	2024-08-29 ASYNCRAT Samples
Checkpoint	3 months ago	26th August – Threat Intelligence Report - Check Point Research
Securelist	3 months ago	An overview of the BlindEagle APT’s activity in Latin America
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Fortinet	3 months ago	PureHVNC Deployed via Python Multi-stage Loader \| FortiGuard Labs
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
Securityaffairs	4 months ago	SocGholish malware used to spread AsyncRAT malware
Recorded Future	4 months ago	2023 Adversary Infrastructure Report \| Recorded Future
Checkpoint	6 months ago	Inside the Box: Malware’s New Playground - Check Point Research
DARKReading	6 months ago	HP Catches Cybercriminals 'Cat-Phishing' Users
Pulsedive	7 months ago	Pulsedive Blog \| CyberChef 101 Tool Guide
Malware-traffic-analysis.net	8 months ago	Malware-Traffic-Analysis.net - 2024-03-14: AsyncRAT and XWorm infection
CERT-EU	8 months ago	New Vcurms Malware Targets Popular Browsers for Data Theft
CERT-EU	9 months ago	Tax Season Phishing Surge: Cyber Exploits with AsyncRAT
BankInfoSecurity	10 months ago	Breach Roundup: FTC Bans Data Broker From Sharing Locations
InfoSecurity-magazine	10 months ago	Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over