Cross-platform RAT 'AlienSpy' targets Mac OS X, Windows and Android users
The AlienSpy remote access trojan (RAT) is being sold to attackers via subscription plans, ranging from around $20 to $220.
Analysts warns that a multi-platform remote access trojan (RAT) has been taken up by attackers to target end users around the globe, as well as enterprises in the technology, financial services, government and energy sectors.
Dubbed “AlienSpy,” the RAT was discovered by General Dynamics' Fidelis Threat Research Team, which observed phishing emails targeting its customer base over the past few weeks with the malware. In an advisory published Wednesday (PDF), Fidelis noted that the tool appeared to be new-and-improved version of another RAT, named Frutas, which has also been called Adwind RAT and Unrecom RAT over the course of its evolution.
AlienSpy notably has cross-platform functionalities, as it can infect devices running Windows, Linux, Mac OS X and even the Android mobile operating system.
“AlienSpy is a Java-based RAT that provides a plug-in framework with a total of around 12 plug-ins for different operating system platforms,” the Fidelis threat advisory explained. “This modular plug-in framework makes it easy for the attackers to upgrade the RAT with plug-ins that provides additional features.”
Researchers said that the website for the tool, AlienSpy[dot]net, claims that the RAT is not classified as malware, thought it sports built-in features that disable many anti-virus tools. Attackers leveraging the RAT could also use it to download additional malware, Fidelis said.
Currently, AlienSpy is sold being sold on a subscription basis, from $19.90 to $219.90, depending on the length of time buyers wish to access the tool ($220 allows a year of access, for instance).
The RAT's other capabilities entail collecting system information (such as IP addresses, operating system versions, memory RAM information, Java version and computer name), using infected devices' webcams and microphones unbeknownst to victims, keylogging and browser password theft. AlienSpy can also access device files in the context of the current user and utilize the Remote Desktop feature to spy on victims' activities, the firm said. In addition to disabling AV and other security tools, the RAT also works to evade detection by using transport layer security (TLS) to secure its command-and-control communications. AlienSpy also detects sandboxing technologies, according to Fidelis.