The new evasive loader, called "RATDispenser" by HP Threat Research, with the malware liable for delivering at least eight (8) different malware families in 2021. A total of 155 samples of this new malware have been identified, with three different variations, indicating that it is still in development.
How it works
"RATDispenser is used to get ahead of the system before unleashing secondary malware that takes control of the compromised device," said security researcher Patrick Schläpfer. "All of the payloads were remote access Trojans (RATs), which were designed to steal information and allow attackers to control targeted devices."
RATDispenser has been seen dropping a variety of malware, along with STRRAT, WSHRAT (Houdini or Hworm), AdWind (AlienSpy or Sockrat), Formbook ( xLoader), Remcos (Socmer), Panda Stealer, CloudEyE (GuLoader), and Ratty, all of which can steal sensitive information from infected devices and targeting cryptocurrency wallets.
"The range of malware families can be purchased or downloaded for free from underground marketplaces," Schläpfer added, "that the creators of RATDispenser may be operating under a malware-as-a-service business model."
At this moment there is no fixed patch to remedy this new malware. However, PC users should ensure they implement the following security measures.
Keep your computer and software updated.
Install firewall and configure it according to network requirements
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.