Badrat

Malware updated 4 months ago (2024-11-29T13:56:44.040Z)
BadRAT is a piece of malware attributed to APT37 (also tracked as InkSquid, RedEyes, Reaper, ScarCruft, and Ricochet Chollima). It is delivered to victims through suspicious downloads, emails, or websites, and once inside a system it can steal personal information, disrupt operations, or hold data hostage for ransom.

The security researcher Liang has observed that BadRAT, alongside Lazarus Group tooling and CloudMensis, uses specific techniques to compromise macOS privacy controls. The Lazarus Group tooling attempts to dump the access table from the TCC (Transparency, Consent, and Control) database, while CloudMensis and BadRAT check whether SIP (System Integrity Protection) is disabled so that they can load their own malicious TCC databases. These tactics give the malware unauthorized access to, and control over, the infected systems.

Securonix, a cybersecurity company, reported that APT37, the group behind BadRAT, has been using deceptive lures against its targets: malicious emails relating to Cambodian affairs, written in Cambodia's primary language, Khmer. Although Securonix did not share detailed victimology, the lure content points to a focus on targets connected to Cambodian affairs.
Description last updated: 2024-10-04T03:15:27.178Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Source Document References
Information about the Badrat malware was read from the documents corpus below.