
Details emerge about PlugX/Kaba RAT in Pacific Rim

The well-known remote access tool (RAT) PlugX/Kaba continued its assault on companies in countries on both sides of the Pacific Ocean in 2013 and 2014, hitting technology, aerospace/defense, entertainment/media and government the hardest, according to a blog post from researchers at FireEye.

The post noted that while PlugX is most often distributed through an exploit, most commonly in RTF files, it can be delivered through a RAR self-extracting executable with files appearing to have a Word or PDF icon.

A decoy document is displayed to the victim and the PlugX RAT is then loaded in the background without the user's knowledge. The U.S., Japan, Hong Kong, South Korea and Taiwan are among the hardest hit, and some of the content of the exploit documents centers on NGOs and socio-political events in China and Japan.
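
A defender-side triage check for the self-extracting RAR delivery described above, as an added example that is not from the FireEye post or this article: it flags Windows executables that carry an embedded RAR archive. The file-name heuristic stands in for the document-icon lure, and the lure extensions, function names and sample bytes are assumptions constructed for illustration.

```python
import struct

RAR_MARKER = b"Rar!\x1a\x07"                    # common prefix of RAR 4.x and 5.x signatures
LURE_EXTS = (".doc", ".docx", ".pdf", ".rtf")   # assumed document-style lure names
EXEC_EXTS = (".exe", ".scr")                    # assumed executable extensions


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage(filename: str, data: bytes) -> dict:
    """Collect the indicators: PE container, embedded RAR offset, lure-style name."""
    result = {"pe": is_pe(data), "rar_offset": -1, "doc_like_name": False}
    if not result["pe"]:
        return result
    # Search past the DOS header for an archive appended to the executable stub.
    result["rar_offset"] = data.find(RAR_MARKER, 0x40)
    name = filename.lower()
    for ext in EXEC_EXTS:
        if name.endswith(ext) and name[:-len(ext)].endswith(LURE_EXTS):
            result["doc_like_name"] = True
    return result


def verdict(filename: str, data: bytes) -> str:
    """'clean', 'review' (PE with embedded RAR) or 'high' (plus a document-like name)."""
    r = triage(filename, data)
    if not (r["pe"] and r["rar_offset"] >= 0):
        return "clean"
    # Legitimate installers are also RAR SFX files, so 'review' is a signal, not proof.
    return "high" if r["doc_like_name"] else "review"


def constructed_sfx() -> bytes:
    """Constructed sample: minimal MZ/PE stub followed by a RAR 5.x signature."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + b"\x00" * 60 + RAR_MARKER + b"\x01\x00" + b"constructed"


if __name__ == "__main__":
    sample = constructed_sfx()
    for name, blob in [("agenda.doc.exe", sample), ("setup.exe", sample),
                       ("agenda.rtf", b"{\\rtf1 constructed}")]:
        print(name, verdict(name, blob), triage(name, blob))
```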
