The rise in popularity of the Remote Access Trojan, or RAT, among financially motivated threat actors tracked by Proofpoint researchers, was a key highlight in 2019, which continues to gain popularity in 2020.
According to a Proofpoint report, which analyzes RAT threats throughout 2019, actors that gained an affinity for RATs in 2019 include the highly prolific TA505, which introduced the FlawedGrace RAT along with a new backdoor, ServHelper, in early January last year and continued distributing RATs using two new downloaders, AndroMut and Get2, as well as a new RAT, SDBbot, over the summer. TA516, who can be viewed as a barometer for threat actor trends given the diversity of their malware payloads, spent a large portion of Q2 and Q3 2019 distributing Remcos RAT campaigns and ended its year with a new Remcos campaign on December 31, says Proofpoint.