November 23, 2015
A remote access Trojan used sparingly in targeted attacks has been found after living under cover for three years, undetected by most security gear. The RAT, dubbed GlassRAT, was signed with a certificate belonging to a popular Chinese software company with hundreds of millions of users worldwide. The RAT was used to spy on Chinese nationals working in commercial outfits, and could have ties with other malware campaigns dating back to 2012.
The malware was discovered earlier this year by researchers at RSA Security during an incident response call. The victim, as it turned out, was a Chinese national working at a large “multinational corporation,” RSA said; the victim was not in China. It’s unknown how the victim was infected, whether via a phishing campaign, drive-by download or some other means, RSA said.