What is RAT malware, and why is it so dangerous?

Generally, RAT malware infection uses social engineering. Hackers use deception to get a user to click where they shouldn’t and download malware onto their computer.

Generally hackers can attach a RAT to an email as an attachment or link or in a mobile app, but they can use many other tricks to spread their malware. They can hide it behind pop-ups which appear when browsing via different webpages, or even in entertainment services.

For example, during the lockdown caused by the COVID-19 global pandemic, watching films via streaming or direct downloads and torrents has skyrocketed. Hackers have seized this opportunity and are managing to infect users by hiding their RAT malware in pirate film streaming or download services.

They also keep changing their scam topics to get people interested. Topics like tax returns, questions on Coronavirus or remote work, football leagues, sales, Black Friday, etc. So we must be very careful with this type of media.

Regardless of the methods or topics used by the hacker, when the victim falls into the trap and installs the RAT on their device, without realising it they are giving remote access to their computer.

If they manage to infect their victim and assume remote control of the device, the cybercriminal’s options are limitless. Once inside, the hacker can try to access the victim’s online banking to make transfers, find out passwords, subscribe to unwanted services, look at emails, visit social media profiles and even make copies of photo galleries, amongst other actions which can be devastating at both a personal and corporate level.

To reduce the risk of infection, it is crucial to follow digital best practices when surfing the web, and to exercise caution when downloading applications from unknown sources.

You should not click on suspicious links or attachments, even if you know the sender. There are currently some very sophisticated phishing campaigns circulating which are able to impersonate a bank or any other legitimate service in a very realistic and convincing manner. When you receive an email, you must carefully check the signs which will help determine its authenticity.

In addition to applying common sense, another measure to reduce the risk of infection is to always keep your operating system updated with the latest available version, as well as other applications you use, and antivirus software. It must be configured correctly so that it is updated automatically and constantly scanning files for potential threats.

Applying these measures will drastically reduce the likelihood of being infected. Although above all, the best means to combat a RAT and any other malware is common sense, staying alert and checking twice before clicking.

If you have discovered or suspect an infection, we recommend formatting the device and reinstalling in full, as antivirus software cannot always detect all malware.

Also, it is likely that the RAT has access to passwords for any other service which the user has accessed with their device: social media, online shops, streaming services, etc. For this reason, once you have formatted the device, you must also change your passwords for all services you use regularly, particularly email.

If a CaixaBank customer has been the victim of fraud, we recommend contacting us using one of the following two options:

• Customer care (24 hour service): +34 938 87 25 25 / +34 900 40 40 90.
• Your branch manager.

The RAT attacks the customers of various financial entities to obtain remote control of their devices.

In most cases, the malware is acquired through a malicious email using a supposed bill to draw someone in.

When the user opens the link or the document attached to the email, RAT is installed on the device, giving the cybercriminal remote control without the user realising.

Regardless of the method used by the criminal to install the RAT on the customer’s device, CaixaBank customers can do the following:
When the user opens the CaixaBank NOW app, the RAT will show a “security module installation” screen.

This is a distraction. Whilst the customer sees this screen, the hacker is using the app to make a transfer.

After completing it, the customer receives an alert on their mobile to authorise the fraudulent transfer. If the customer does not check the authorisation details correctly, they will accept the unknown transfer to the hacker.

Therefore before entering a code received by SMS or signing a transaction through the CaixaBank Sign app or any other bank mobile app, before authorising anything, it is incredibly important to carefully check the transaction details (amount, destination account), including in SMS and mobile app signing requests.

The main recommendations are:

• Paying close attention when authorising any transaction and checking the associated details: destination account and total.
• Keep devices, applications and antivirus software updated.
• Report any suspicious behaviour.
• Always use common sense, and never rush.