
New GlassRAT ‘designed for deception,’ researchers say

Researchers at RSA discovered a Remote Access Tool (RAT) dubbed GlassRAT that they say is "designed for deception."

GlassRAT appears to be part of a targeted campaign focused on Chinese nationals in commercial organizations both inside and outside the country, according to the "Peering Into GlassRAT" report.

“It is a simple but capable RAT with reverse shell as well as other typical capabilities of RATs, such as file transferring and process listing,” researchers said. “The GlassRAT dropper uses the trademarked icon of Adobe Flash player, and was named ‘Flash.exe’ when it was uploaded to VirusTotal from an IP address, likely in the People's Republic of China.”

The malware appears to be signed with a certificate from a popular and trusted software developer in China, and researchers estimate that it has gone under the radar for nearly three years, the report noted.

Researchers spotted GlassRAT in February 2015 and said that the malware briefly shared C2 infrastructure with other large campaigns that targeted geopolitical organizations in the Asia Pacific. According to the report, the malware was undetectable by endpoint anti-virus products.

The RSA Incident Response Team discovered the RAT and RSA's research team investigated the malware during an engagement with a multinational enterprise, according to the report.
