Malware profile: WarzoneRAT (S0670)

Type: Commodity infostealer and Remote Access Trojan (RAT)

Associated threat actors: Various

Key capabilities: Remote access and information stealing.

OS targeted: Windows

IoCs on Maltiverse: Maltiverse provides updated IoCs for easy SIEM/SOAR/Firewall/EDR integration.

What is WarzoneRAT?

WarzoneRAT (S0670) is a C++ infostealer and Remote Access Trojan (RAT). As a piece of commodity malware, it is widely available for purchase on criminal forums, making it accessible to a broad range of actors.

This RAT, which reuses code from the Ave Maria stealer, gives attackers remote access to and control over an infected system to steal sensitive information.

How to Defend Against WarzoneRAT?

Defending against commodity malware like WarzoneRAT requires preventing its common infection vectors and detecting its activity.

  • Be cautious with unsolicited attachments and downloads, which are common infection vectors for this RAT.
  • Keep all operating systems and applications patched to limit the vulnerabilities that can be exploited for initial access.
  • Use application whitelisting to prevent unauthorized executables like WarzoneRAT from running.
  • Deploy endpoint detection and antivirus to identify and block the execution of known RATs and their associated behaviors.
  • Use network detection (NDR) with integrated threat intelligence to spot and block WarzoneRAT’s C2 communications.
