New Chinese Malware – TaidoorOrhan Sari
US government agencies say Taidoor malware has been around since 2008 and is a remote access Trojan (RAT) type of malware.
1. What is a RAT? (Remote Access Trojan)
It is a type of malware that causes hackers to have remote access to the device of the target user and to take control of the device. Thanks to this malware, attackers can capture sensitive information on the user’s computer, request money from the user by encrypting his entire disk, or gain access to the user’s personal accounts by recording every button the user clicks. RATs usually infect the user’s computer through social engineering attack methods and generally achieve their purpose. For this reason, it is one of the most common types of malware encountered in the cyber world.
2. How Does Taidoor Malware Work?
Three US government agency companies have published a joint report warning about new versions of Taidoor, a type of malware associated with Chinese government-backed hackers. The Taidoor RAT malware infects the user operating system (32-bit or 64-bit) as a DLL file with 2 stages. Once downloaded to the system, the first file starts as a service and decrypts the second file, uploads it to the system and runs it.
The FBI says the Taidoor RAT malware is running and communicating with proxy (proxy servers) servers to hide its origin. After working on the Taidoor RAT system, Chinese hackers can access infected systems and leak sensitive data into the internet environment. They can also spread other malicious software using this malware.
USA Cyber Command also uploaded four instances of [ 1 , 2 , 3 , 4 ] Taidoor malware from VirusTotal. Cybersecurity firms or independent malware analysts can review, download and search for additional clues here.
4. How to Prevent Malware From Infecting Your Computer
Hackers often send malicious software such as RAT, keylogger, or cryptolocker to users using social engineering attacks methods. Training and testing users ensure the attack is prevented in its first phase. Use Keepnet Labs phishing simulator software to test your users’ reaction to phishing attacks and, and deploy funny and comprehensive training using Awareness Educator module with one click.
B. End-User Antivirus Software
Anti-virus software, which is among the products that may prevent malicious software from the operating system. However, users should download antivirus software with the most up-to-date version and be kept up-to-date. No matter how many precautions are taken against attack vectors in email, in some cases, malware bypass all your technological tools. For this reason, you need a tool that intervenes instantly and contains the attack when it succeeds to infiltrate into your system. Try Keepnet labs phishing reporter outlook add-in and Incident responder to identify, analyze, scan clean the emails containing malicious content within users’ inboxes. Visit our Incident Responder address for more information.
5. Other Cyber Security Awareness Posts
KEEPNET NINJIO is a cybersecurity awareness solution that uses engaging, 3 to 4 minute Hollywood style micro-learning videos to train employees and organizations to become defenders against cyber threats. KEEPNET NINJIO educates organizations, employees, and families against cyberattacks, making them the first line of defense against today’s advanced attacks. Try for free.