RunningRAT’s Next Move: From Remote Access to Crypto Mining for Profit

Nov. 6, 2024, 5:34 p.m.

Description

RunningRAT, a remote access trojan initially observed in 2018 targeting the Pyeongchang Winter Olympics, has added cryptocurrency mining to its capabilities. This shift indicates an expansion of the malware's operational focus. The analysis covers RunningRAT samples discovered in open directories and details the malware's execution process, network communications, and connection to cryptocurrency mining tools. The malware's infrastructure includes command and control servers hosting XMRig mining software, suggesting a new direction towards financial gain through compromised systems. The findings highlight the adaptability of established malware and the importance of continued monitoring for emerging threats.

Date

  • Created: Nov. 6, 2024, 4:21 p.m.
  • Published: Nov. 6, 2024, 4:21 p.m.
  • Modified: Nov. 6, 2024, 5:34 p.m.

Indicators


Additional Information

  • Japan
  • United States of America