Malware Called ‘GlassRAT’ Targets Chinese Nationals

Steve Ambrose Contributor

A number of Chinese nationals have found themselves the victims of a three-year malware campaign designed to extract information from the victims and the international corporations who employed them, The Security Ledger reported Nov. 23.

Security researchers at RSA released a report Nov. 23 on the trojan known as “GlassRAT” (Glass Remote Access Tool), which appears to have been falsely authenticated and designed to “give remote adversaries access to- and control over compromised computers on a target network.” GlassRAT was created in 2012 and discovered in Feb. 2015.

A trojan horse virus is a type of malware that is disguised as legitimate software. Once a trojan is installed on a computer, it allows the bad actor to remotely control the computer. They can then delete, modify or copy data in addition to disrupting network performance.

The names of the corporations or the types of industries involved are not disclosed in the report.

Paul Roberts, a cybersecurity analyst and writer for The Security Ledger, tells The Daily Caller News Foundation that, in addition to the attacker being able to exert some control over the network, he believes the foreign nationals are potential targets for blackmail and extortion. GlassRAT can be used to collect personal information on the Chinese national or their family. At that point, threatening to expose the information or harm family members would give a bad actor an incredible amount of leverage in pressuring the foreign national to deliver trade secrets from their employer.

Roberts says GlassRAT operates like a sophisticated Swiss army knife, with several layers that together create an effective malware attack.

A dropper, a container-like program that holds and installs the malware on the targeted computer, carried a valid authenticity certificate presumably stolen from a software publisher, giving the dropper the appearance of legitimacy before being downloaded by the target. The dropper also has a self-destruct mechanism that deletes itself after releasing the malware, and once the malicious code is installed, it operates “below the radar,” avoiding typical anti-virus programs.

The report does not speculate on who the perpetrators are, but does say a technique similar to GlassRAT is used against the Philippine military and the Mongolian government.

Roberts says it’s incredibly difficult to identify a primary actor who initiates such an attack, but he does have an idea.

He says the Chinese government has a history of using foreign nationals to spy on their behalf and that given the nationality of the targets, it would not be a surprise if they were involved.
