New Atroposia malware comes with a local vulnerability scanner

A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals with a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning.

The malware is available for a $200 monthly subscription that unlocks advanced features such as hidden remote desktop, file system control, data exfiltration, clipboard theft, credential theft, cryptocurrency wallet theft, and DNS hijacking.

Atroposia was discovered by researchers at data security company Varonis, who warned that it’s the latest example of an easy-to-use, affordable “plug and play” toolkit, alongside SpamGPT and MatrixPDF.

Figure: The Atroposia dashboard (Source: Varonis)

Atroposia overview

Atroposia is a modular RAT that communicates with its command-and-control (C2) infrastructure over encrypted channels and can bypass User Account Control (UAC) protection to escalate privileges on Windows systems.

According to the researchers, it can maintain persistent, stealthy access on infected hosts, and its main capabilities include:

HRDP Connect module that spawns a covert desktop session in the background, allowing an attacker to open apps, view documents and email, and interact with the user’s session without any visible indication. Varonis says standard remote-access monitoring can fail to detect it.

Figure: Remote desktop module
