The Remote Access Trojan (RAT) malware has become a growing problem world-wide, particularly in Asia, writes Hugh Stephens. Consumers need to take reasonable precautions, especially staying away from sites offering pirated content.
By Hugh Stephens, Sept. 8, 2017
In the Chinese zodiac, the Year of the Rat (1984, 1996, 2008, 2020, etc.), one of the 12 “animals” of the lunar cycle, brings with it good things as well as some cautions. Its prognostications are similar to those of the other eleven animals in the Chinese zodiac and to the predictions of western horoscopes.
People born in the Year of the Rat, or “Rats,” are supposed to be “quick-witted, resourceful, versatile, kind, smart and lovely,” according to one Chinese zodiac website. But there is another “rat” out there that is far less benign and which can affect everyone, not just those born in specified years. I am referring to what is known as a “Remote Access Trojan” (RAT), a growing problem world-wide, particularly in Asia. One definition of a RAT calls it “a malware program that includes a back door for administrative control over the target computer.”
When a RAT takes over the administrative control of a computer, the intruder has virtually full access to do whatever the computer’s owner could do, as long as the device is connected to the internet. A computer hijacked by a RAT is fully exposed. The RAT master can read your mail, access confidential information, activate the webcam and recording functions (thus spying on you in your own home), delete or alter files, take screenshots, distribute further viruses, and so on. Sometimes an intruder will demonstrate to the user that they have taken over a computer by opening and closing the disk drive or playing music on the computer. The RAT is an intruder in your home. RATs even “enslave” their victims by passing on (and even selling) details of unknowing victims to other RAT operators.
When a RAT takes over the administrative control of a computer, the intruder has virtually full access to do whatever the computer’s owner could do.
While online games that can be downloaded for “free” are common sources of infection, as are attachments sent by email, RATs also frequently lurk on websites hosting pirated content. Often they are embedded in movie subtitles that are found on such sites and are also commonly found in music torrents or files. The problem is compounded by the fact that media players such as Kodi, Popcorn Time and Stremio, which are commonly used on Illicit Streaming Devices (Android TV boxes), are vulnerable to malware attacks and do not catch the RAT file. RATs are just one form of malware, albeit a particularly nasty one, and can lead to online harassment, theft, and blackmail.
The Wannacry ransomware attack has recently focussed the world’s attention on this kind of extortion. Elsewhere, I noted that China had been hit particularly hard by the Wannacry virus because of the widespread use of pirated, outdated software in that country. More recently attention has focussed on the Petya virus, which originated in Ukraine where, according to the Business Software Alliance, the software piracy rate in 2015 was 82 percent, one of the highest in Eastern Europe. The source and motivation for the Petya attacks is still a matter of conjecture, but the close relationship between the growth and spread of malware and the high use of pirated software is surely not coincidental.
Coming back to RATs, the Asia Digital Alliance (ADA) reports that users in Taiwan, Singapore, Thailand, Malaysia, and Hong Kong are the most victimized. The ADA, “a coalition of Internet users, businesses, security experts and academics who promote an accessible yet safe Internet environment,” has played a leading role in investigating, exposing and publicizing risks on the internet. It points out the close connection between using pirated websites to access content and the unwanted surprise of downloading malware.
While focussing on the risks to users, ADA also examines what can be done to combat malware. A big part of the problem is the easy accessibility of instructions and instructional videos (e.g., on YouTube), explaining exactly how to download, spoof and propagate RAT malware. Once downloaded, the software must be made undetectable. According to ADA:
YouTube will provide all the requisite instructional informational required. A Google search inquiry “how to spread rats” provides links to YouTube video tutorials, popular hacker forums and blogspots. The first search in Google search is hackforums.net, a forum which takes no more than five minutes to become a member and gain full access. The search functionality allows for immediate navigation to “RAT spreading” forums which give voluminous advice on what type of spoofed file-names are the most effective and which website or social media platform to target and entrap a victim into downloading the infected RAT file.
Who profits from these RATs? It is not hard to guess. First the uploader, who through YouTube’s Partner Program can share the revenues from advertising that runs alongside or is embedded in the videos. Although revenue sharing is supposed to be restricted only to those “approved for monetization” by YouTube, ADA states that it found many RAT-slaving tutorial videos on YouTube which were generating advertising revenues and thus had to have been approved by YouTube. This is despite YouTube’s stated policy that it has “stringent advertising guidelines” to ensure that ads do not appear beside inappropriate content. Second, YouTube of course directly benefits from its split of the advertising revenues that run with the RAT content. As ADA comments, “no ethical business should be able to profit in this way.”
Search is another tool that directs consumers to pirate sites, and thus into the arms of malware purveyors. Google has claimed that Search plays only a minor part in directing consumers to pirate sites because those frequenting such sites are experienced users and don’t need a helping hand. However, as David Newhoff has pointed out in his blog “The Illusion of More”, the huge volume of malware on pirate sites, much of it directed at unsuspecting users, indicates that these sites expect to be visited by inexperienced consumers who can be victimized. This leads to the inevitable conclusion that Search must play a significant role in directing and driving them there.
Even the advertising industry is being victimized by “botnets” that operate on enslaved computers, many of them in China.
ADA cites industry statistics to point out that 33 percent of computers globally are infected with some form of malware. Newhoff states that a teenager has a 30 percent chance of being infected with malware if they visit a site hosting infringing “free” material. It’s an epidemic, and the solution must be a combination of awareness on the part of consumers and more responsible practices by internet intermediaries – plus law enforcement doing what it can.
Malware comes in many forms and RATs are not the only form to look out for. It is the most damaging with respect to personal privacy, but other forms can drain your bank account, wipe out the files on your computer, or hold you to ransom. Even the advertising industry is being victimized by “botnets” that operate on enslaved computers, many of them in China, resulting in widespread “click fraud”. According to a study done three years ago for the advertising industry, up to 36 percent of clicks may be automated, and the problem has got worse since then. This is not just a malware problem but malware plays its part by inserting advertisements into victim’s devices, resulting in false clicks.
It can be a brutal world out there in cyberspace. The spread of knowledge and the democratization of learning that the internet has created are powerful enablers. But, at the same time, there are huge risks with sometimes catastrophic consequences for careless or unsuspecting consumers. Consumers have to take reasonable precautions; keeping one’s computer up to date, using licensed software and recognized security programs, not being tricked into downloading malware and, above all, staying away from sites offering pirated content – games, music, films – whatever.
If you don’t want to be mugged, stay away from rough neighbourhoods. That is where the RATs hang out. You don’t want to meet one.
Hugh Stephens is a fellow at the Canadian Global Affairs Institute, distinguished fellow at the Asia Pacific Foundation of Canada, and vice-chair of the Canadian Committee for Pacific Economic Cooperation. A version of this article appeared on hughstephensblog.net.
MLI would not exist without the support of its donors. Please consider making a small contribution today.