Malware

How to Protect your System from the M2RAT?

riviTMedia Research
riviTMedia Research
How to Protect your System from the M2RAT?

The APT37 Threat Group has Developed a Malware Dubbed M2RAT

The APT37 threat group, also known as ‘RedEyes’ or ‘ScarCruft’, has been using malicious malware to conduct cyber espionage operations on behalf of the North Korean government. Dubbed M2RAT, this evasive malware uses steganography – the practice of hiding information within digital images – to avoid detection by security software.

Contents
The APT37 Threat Group has Developed a Malware Dubbed M2RATHow Do I Deal with a M2RAT Infection?

According to AhnLab Security Emergency Response Center (ASEC), the malicious campaign started in January 2023, with attackers sending weaponized attachments that exploit an old EPS vulnerability found in the Hangul word processor widely used in South Korea. 

Once executed, M2RAT adds a new value (‘RyPO’) to the ‘Run’ Registry key and executes a PowerShell script via ‘cmd.exe’ to gain persistence on the system. The program possesses various malicious capabilities, such as keylogging, data theft and command execution. 

It can also scan for portable devices connected to a Windows computer and copy any documents or voice recording files found onto the infected PC. All collected data is compressed into a password-protected RAR archive before being exfiltrated and wiped from memory in order to leave no traces behind.

M2RAT uses a shared memory section to communicate with its Command-and-Control server, making it difficult for security researchers to analyze the memory of infected devices. With these powerful abilities, M2RAT makes it easy for attackers to control compromised systems as well as collect information from them. 

How Do I Deal with a M2RAT Infection?

To protect yourself from a M2RAT Infection, you should practice safe web browsing habits like refraining from opening email attachments from unknown senders and downloading programs from unreliable sources. You should also have a reputable malware remediation tool installed on your computer. That way, you can regularly scan for elements associated with this troublesome malware infection as well as other threats. Also, to reduce the potential damage of a future malware attack, please consider backing up your files on an external hard drive or cloud storage.

If you are still having trouble, consider contacting remote technical support options.

You Might Also Like

Agent Racoon: The Stealthy Backdoor Threat Targeting Organizations

Is OneSafe PC Cleaner Safe?

Uninstalling PC HelpSoft Driver Updater

NSudo Exploitation: Understanding the Legitimate Tool Turned Malware

NetSupport RAT: Unveiling the Menace and Bolstering Cyber Defenses

TAGGED: , ,
Share This Article
Previous Article The ‘If You are 18 Tap Allow’ Online Pop-up Scam and the Risks that Come with it
Next Article How to Protect Yourself from the VVOO Ransomware Infection?
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Latest News

Ransomware
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities
Ransomware
Colour Cure: Understanding and Preventing Browser Hijackers
Browser Hijackers
malicious website
The Risks of ourhugenewz[.]com and Similar Rogue Websites
Browser Hijackers
ransomware, stop/djvu
Elpy Ransomware: Unraveling the Threat and Prevention Measures
Ransomware