A Remote Access Trojan (RAT) on sale on an underground platform has been upgraded to make use of Tor while maintaining persistence on infected devices. Sean Gallagher and Sivagnanam Gn of the Sophos Lab published their research into the malware, which has been running wild since 2019.
The RAT, also tagged as SystemBC, has evolved from a mere VPN over SOCKS5 into a backdoor that uses the Tor network to ensure persistence and simplify the process of tracing connected command and control servers. According to reports, the malware can deploy scripts, execute Windows commands, deploy malicious DLLs, and perform remote monitoring and administration.
Source: ZDNet