zgRAT
Type of Malware
Remote Access Trojan, Infostealer, Banking Trojan
Date of initial activity
It is not documented in public sources
Country of Origin
Unknown
Motivation
To enable remote access and control over infected machines.
Data theft.
Type of Information Stolen
Login credentials, Personal Identifiable Information (PII), Financial Information, Medical Records, Biometric Data, Corporate Data
Attack Vectors
Usually spreads via USB drives or phishing emails carrying .zip/.lnk/.bat/.xlsx attachments, either directly or through other threats such as loaders and stealers
Targeted System
Windows
Overview
zgRAT is a classic remote access trojan that lets its operator take remote control of a compromised machine, perform keylogging, steal sensitive data, and upload and execute other threats. zgRAT also has an infostealer capability that targets browser data and cryptocurrency wallets. The exact date of zgRAT's first detection is not widely documented in public sources, but it has been observed in various cybercriminal campaigns over the past several years. zgRAT has been distributed through spam campaigns that push the Agent Tesla malware, which in turn installs this RAT.
Targets
zgRAT primarily targets individuals and organizations in South Korea, with the aim of gaining remote access to compromised machines.
How they operate
zgRAT has been identified in spam campaigns whose emails carried malicious attachments. When these attachments were opened, they introduced malware such as the Agent Tesla RAT or FakeBat onto the device, which then infected it with zgRAT. Once deployed, zgRAT enables the attacker to remotely control the compromised machine, conduct keylogging, exfiltrate sensitive data, and execute additional malicious payloads.
The post zgRAT (RAT, Infostealer) – Malware first appeared on CyberMaterial.