Beware! Kaspersky Finds a New Type of Malware Called EarlyRat

EarlyRat malware illustration (photo: Kaspersky)

JAKARTA - Kaspersky researchers have just discovered a new malware family called EarlyRat. This type of malware is usually used together with the DTrack malware and the Maui ransomware which is also an Andariel utility.

For information, Andariel is an advanced persistent threat (APT) that has been operating for more than a decade within the Lazarus group. According to Kaspersky, Andariel initiated the infection by leveraging the Log4j exploit, which allowed the download of additional malware from the command-and-control (C2) infrastructure.

Human Operators

Kaspersky also believes that the commands in the Andariel campaign are executed by human operators, who may have little experience, given the many mistakes and typos that are made.

So, among these findings, Kaspersky researchers found an EarlyRat version in one of the Log4j cases. In some cases, EarlyRat was downloaded via the Log4j vulnerability, while in others it was discovered that phishing documents ended up spreading EarlyRat.

“In the vast cybercrime landscape, we encounter many players and groups operating with varying compositions. It is common for groups to adopt code from other people, and even affiliates who can be considered independent entities, juggling different types of malware," said Jornt van der Wiel, senior security researcher, GReAT at Kaspersky. Jakarta.

Like many other Remote Access Trojans (RAT), EarlyRat collects system information upon activation and sends it to the C2 server using certain templates.

Furthermore, Kaspersky found the EarlyRat language to have some similarities to MagicRat, a malware that had been used by Lazarus before.