Full Report
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. [...]
Analysis Summary
# New Atroposia Malware Comes with Local Vulnerability Scanner
===========================================================
## Key Points
- A new malware-as-a-service (MaaS) platform named Atroposia has been discovered, providing a remote access trojan (RAT) with capabilities for persistent access, evasion, data theft, and local vulnerability scanning.
- The malware is available for a $200 monthly subscription and unlocks advanced features such as hidden remote desktop, file system control, data exfiltration, clipboard theft, credential theft, cryptocurrency wallet theft, and DNS hijacking.
- Atroposia's modular design allows it to bypass User Account Control (UAC) protection on Windows systems and maintain persistent, stealthy access on infected hosts.
## Threat Actors
- Attributed to the malware-as-a-service market, with potential ties to low-skilled threat actors who can execute effective campaigns.
- The emergence of Atroposia adds yet another MaaS option for cybercriminals, lowering the technical barrier and enabling easier execution of effective campaigns.
## TTPs
- HRDP Connect module: spawns a covert desktop session in the background, allowing an attacker to interact with the user's session without visible indication.
- Remote desktop module: allows remote file browsing, copying, deleting, and execution capabilities.
- Stealer module: targets saved logins, crypto wallets, and chat files, capturing everything copied in real time (passwords, API keys, wallet addresses).
- Host-level DNS hijack module: maps domains to attacker IPs, enabling phishing, MITM, fake updates, ad or malware injection, and DNS-based exfiltration.
- Built-in local vulnerability scanner: audits missing patches, unsafe settings, and vulnerable software, returning a score that allows attackers to prioritize exploits.
## Affected Systems
- Windows systems with missing patches, insecure settings, and outdated software versions.
## Mitigations
- Download software only from official sites and reputable sources.
- Avoid pirated software and torrents.
- Skip promoted search results.
- Never execute commands they find online that they don’t understand.
- Regularly update systems with the latest security patches and maintain a secure VPN client.