Fatalrat

Malware updated 4 months ago (2024-05-04T19:19:11.646Z)
FatalRAT, also known as Sainbox, is a variant of the Gh0st RAT malware that targets Windows platforms. First identified by Proofpoint in 2020, it has become popular with the PurpleFox threat actor group. Once it has infiltrated a system, FatalRAT can log keystrokes and download and install additional payloads. According to Nuspire's Q1 2023 cyber threat report, Torpig Mebroot remains the dominant botnet among their top five, but two new botnets have emerged: NetSupport RAT and FatalRAT. In a notable campaign running since April 2023, at least 20 instances have been reported in which Sainbox was delivered through malicious means. In one instance, KryptoCibule, a cryptocurrency-focused malware that targeted Czech and Slovak users, spread through a popular local file-sharing service while masquerading as pirated games or downloadable content (DLC). Another significant case involved Chinese-language speakers in Southeast and East Asia who were targeted with poisoned Google search results for popular applications such as Firefox, WhatsApp, and Telegram, leading to the installation of trojanized versions containing FatalRAT. The malware was also spread through fake browser and messenger apps advertised on Google Ads: the malicious advertisements mimicked the websites of popular applications such as Firefox, WhatsApp, Signal, Skype, and Telegram, and while these sites delivered the legitimate software, they also dropped the FatalRAT remote access trojan alongside it. The malware continues to pose a significant threat because of its ability to exploit and damage computer systems without the user's knowledge.
Description last updated: 2024-05-04T18:38:03.943Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions between vendors are hard to track, so here are some possibly overlapping names and profiles you may also want to look at.
Profile (votes): Description
gh0st RAT (2): Gh0st RAT is a notorious malware that was originally developed by the C. Rufus Security Team in China and has been widely used for cyber espionage since its code leaked in 2008. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often without the user's
Sainbox (2): Sainbox, also known as FatalRAT, is a variant of the Gh0st RAT trojan malware that has been increasingly deployed in cybercrime activities, particularly those associated with suspected Chinese cybercrime operations. Proofpoint researchers have observed over 30 separate campaigns leveraging this malw
Miscellaneous Associations
Other elements of context that could help in assessing relevance
Malware
Trojan
Telegram
Skype
Source Document References
Information about the FatalRAT malware was read from the documents corpus below. This display is limited to 20 results.
Source (Created): Title
CERT-EU (9 months ago): Hackers Stole $59 Million of Crypto Via Malicious Google and X Ads | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (a year ago): Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
CERT-EU (a year ago): Nuspire's Q1 2023 Cyber Threat Report Shows Spike in Exploits, Botnets and Malware
ESET (a year ago): You may not care where you download software from, but malware does | WeLiveSecurity
CERT-EU (a year ago): New Malvertising Attack Drops BlackCat Ransomware via Fake Search Results
CERT-EU (a year ago): WeLiveSecurity
CERT-EU (a year ago): Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT | #cybercrime | #infosec | National Cyber Security Consulting
BankInfoSecurity (a year ago): Financially Motivated Hacks by Chinese-Speaking Actors Surge
CERT-EU (a year ago): Report: Increase in Chinese-Language Malware Could 'Challenge' Russian Dominance of Cybercrime
CERT-EU (a year ago): A Wave of Chinese Cyberthreat Campaigns Use Old and New Malware
CERT-EU (a year ago): Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape | Proofpoint US
CERT-EU (2 years ago): Google Ads drop FatalRAT malware from fake messenger, browser apps | IT Security News
ESET (2 years ago): Search ads abused to spread malware – Week in security with Tony Anscombe | WeLiveSecurity