AthenaGO RAT Malware Strikes Windows Computers

Security experts detected a new danger – the AthenaGo RAT malware which uses the TOR2Web service to maintain C&C communication. Continue reading our article to learn more about it and how you can remove active infections from your computer and protect it in the future.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

AthenaGo RAT Malware Has Started Infecting Hosts Worldwide

Computer experts detected a new dangerous malware threat known as the AthenaGo RAT. This is a virus that targets mainly Microsoft Windows users and the interesting thing about it is that it uses the Tor2Web service which acts a proxy connection to the C&C servers available on the TOR anonymous network. The AthenaGo virus is written in the Go programming language and upon infection it is capable of downloading and running additional binary files on the infected hosts. The Tor2Web service is used only for the remote C&C server communication. However it is possible that the malware can deliver other virus threats from outside sources as well.

The virus primarily infects by spam email messages. The hackers infect Word documents with malicious macro that downloads the payload once the target has interacted with it. According to the security research currently Portuguese-speaking users are the primary target. Two hardcoded domains are contacted when the infection has been activated on the victim computer. During the initial infection the AthenaGo RAT malware generates both the public and private RSA encryption keys which are needed for the secure communication with the server. Then the two hardcoded servers are contacted to report of the successful infection.

The malware gives hackers the possibility to execute arbitrary commands at will. Some of the supported predefined commands include the following:

  • ListDir – lists all directories on the infected host.

  • ListProcesses – list all running processes.

  • KillProcess – kills the given process.

  • DownloadFile – Downloads and saves a given file.

  • DLRUN – Downloads target file, saves it to the %TEMP% folder and executes it afterwards.

  • RunCMD – Executes a given system command using Go’s os/exec package.

Why The AthenaGo RAT Malware Is Dangerous And How To Remove It

The AthenaGo RAT is a dangerous tool in the hacker’s hands as it gives the possibility not only to modify important user data, but also deliver additional viruses, institute ransomware infections and spy on the victims. If combined with other types of malware it can also recruit the victim host to a dangerous botnet. This is the reason why we recommend all concerned users to scan their computers will a quality anti-spyware utility and check for any infections. A good software solution can also remove any detected threats with a single mouse click.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

How disturbing is this problem?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *