The TorRAT malware was first appeared in 2012 as spying tool only. But from August 2012, Bitcoin Mining feature was added and it became a powerful hacking tool that was commonly associated with attacks on Financial institutions.
This year TorRat Malware targeted two out of three major Banks in the Netherlands and the criminals stole over Million Dollars from user' Banking Accounts.
The Dutch police has arrested four men from Alkmaar, Haarlem, Woubrugge and Roden on last Monday, who are suspected of involvement in the large scale digital fraud and money laundering case using TorRat Malware.
Using Spear Phishing techniques, gang targeted the victims to access their computers and the Financial accounts. The gang used anonymous VPN services, Bitcoins, TorMail and the Tor network itself to remain anonymous.
Malware is also capable of manipulating the information during online banking, can secretly add new payment orders and also able to modify existing orders.
To defend the detection from Antivirus softwares, TorRat uses the ZeuS malware in its attack. The technique was used to divert the focus of researchers to remove ZeuS infection, rather than the unknown malware on the system.
Some of the stolen money was converted by criminals to (56 BTC worth around 7700 Euros) Bitcoin virtual currency, which are now seized by Dutch police. Police also mentioned that, one of arrested criminal having his own Bitcoin exchange service.
The TorRAT malware has been known to be distributed in multiple ways. In April, TorRat was in news for hijacking twitter accounts. After infecting a vulnerable computers, the TorRAT malware hijacks the Twitter user's account and share links that lead to attack websites that attempt to inject TorRAT malware into the victim's computer.
The main reason why this particular attack is so effective is because victims are essentially receiving links to the TorRAT malware from sources they trust; accounts that they follow on Twitter. TorRAT malware involves using Man-in-the-Browser (MitB) tactics to infect computers through vulnerabilities in their Web browser. These kinds of attacks were used to take over a victim's online banking account.
They made more than 150 fraudulent transactions for victim's accounts and Police said that, because Gang was operating from the Netherlands, so tracking them become possible.
They made more than 150 fraudulent transactions for victim's accounts and Police said that, because Gang was operating from the Netherlands, so tracking them become possible.