GovRAT: Malware for today

GovRAT: Digitally signed malware

Want to know just how sophisticated cyberattacks targeting governments are getting? Security company InfoArmor has identified what it says is a new trend, in which vendors in the underground, industrialized malware marketplace are selling digital certificates that can be used for signing malware code.

The whole endeavor is aimed at public key infrastructures in order to insert advanced persistent threat (APT) malware into enterprises, delivering lengthy attacks that can steal vast amounts of data over time.

Stolen or fake digital certificates were found in the Stuxnet worm, and used in many of the recent attacks that have caused major breaches. As InfoArmor sees it, such certificates are now being used to validate the malware, which is called GovRAT. In fact, the malware is bundled with the digital certificates, and the whole package sold on TheRealDealMarket in the Tor network for just over $1,200, according to InfoArmor.

The author of GovRAT actually advertises it as ideal for long-term campaigns such as APTs. Once the malicious agent with digital signature is planted on the victim’s device, InfoArmor said, it bypasses even modern antivirus software, uses the SSL connection for encrypted communications and complicates the traffic enough to screw up any kind of analysis that’s attempted on it.

To date, it seems to have been rather successful. After extracting data from one of the identified GovRAT botnets, InfoArmor said, it found compromised accounts and infected network hosts belonging to employees in the U.S. Army, the Defense Manpower Data Center and the U.S. Marine Corps. Defense subcontractors also seemed to be key targets.

From that, the company believes the attacks are potentially focused on the personal data and credentials of military community members who have access to classified documents and systems such as MarineNet.

About the Author

Brian Robinson is a freelance technology writer for GCN.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group