Revenge RAT is malicious software that uses advanced delivery techniques and support infrastructure to exploit and damage computer systems. It uses an Office macro within a Microsoft Office Excel Worksheet to infect its targets. The malware is not dropped onto the disk; instead, it is loaded directly into the memory of a process through a PowerShell command that calls "Reflection.Assembly", making it stealthier and harder to detect. This Remote Access Trojan (RAT) automatically gathers system information before allowing threat actors to remotely access system components such as webcams, microphones, and various other utilities.
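Because nothing is written to disk, the PowerShell activity itself is the main detection surface. The sketch below is an added example, not code from the original description or from any vendor: it flags script blocks that call "Reflection.Assembly" Load and raises the severity when the PowerShell process was started by an Office application. The event record shape, field names, and sample data are assumptions constructed for illustration.

```python
import re

# Office applications whose PowerShell children deserve extra scrutiny.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# [Reflection.Assembly]::Load( or [System.Reflection.Assembly]::Load(
REFLECTIVE_LOAD = re.compile(r"\[(?:system\.)?reflection\.assembly\]::load\(", re.I)
# Hints that the assembly bytes were built in memory, not read from a file.
IN_MEMORY_HINTS = re.compile(r"frombase64string|downloaddata|\[byte\[\]\]", re.I)


def normalise(script):
    """Strip backticks and whitespace so spacing tricks do not break matching."""
    return re.sub(r"[`\s]", "", script)


def find_reflective_loads(events):
    """Flag reflective .NET loads in simplified, hypothetical event records."""
    parents = {e["pid"]: e["parent_image"].lower()
               for e in events if e["type"] == "process"}
    findings = []
    for e in events:
        if e["type"] != "scriptblock":
            continue
        text = normalise(e["text"])
        if not REFLECTIVE_LOAD.search(text):
            continue
        parent = parents.get(e["pid"], "unknown").rsplit("\\", 1)[-1]
        in_memory = bool(IN_MEMORY_HINTS.search(text))
        severity = "high" if parent in OFFICE_PARENTS and in_memory else "medium"
        findings.append({"pid": e["pid"], "parent": parent,
                         "in_memory": in_memory, "severity": severity})
    return findings


# Constructed sample events (process start + script block text), not real logs.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120,
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"type": "scriptblock", "pid": 4120,
     "text": "$b = [Convert]::FromBase64String($data)\n[Reflection.Assembly]::Load($b)"},
    {"type": "process", "pid": 5000, "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "scriptblock", "pid": 5000,
     "text": "[System.Reflection.Assembly]::Load('System.Windows.Forms')"},
    {"type": "scriptblock", "pid": 5000, "text": "Get-ChildItem C:\\Temp"},
]

if __name__ == "__main__":
    print(find_reflective_loads(SAMPLE_EVENTS))
```

In a real deployment the script text would come from PowerShell script block logging and the parent image from process-creation telemetry; the "medium" result shows why a match without the Office parent and in-memory hints needs triage rather than an automatic block.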
In 2022, the usage of Revenge RAT significantly increased, with campaigns delivering a mixture of malware including Loda, Revenge RAT, and AsyncRAT. These were delivered through a variety of mechanisms such as URLs, RAR attachments, ISO attachments, and Office documents. The ultimate goal was to download a RAT, most commonly Loda or Revenge RAT, onto the target machine. The frequent checking ensured that any changes made would be quickly followed, and the repeated attempts to run the Revenge RAT binary made it almost certain that even if the process was terminated, the RAT would be running again soon.
Cofense Intelligence has recently reported enhancements in this basic and widely available RAT, which help it to access webcams, microphones, and other utilities as Revenge RAT conducts reconnaissance and attempts to establish a foothold in targeted computers. Despite being a simple and freely available RAT, Revenge RAT's increasingly sophisticated delivery methods and support infrastructure have made it a significant cybersecurity threat.
Description last updated: 2024-05-05T04:17:02.878Z