RAT Malware Extortion Email Threatens to Expose Your Online Activity - Scam Email Demands Bitcoin Ransom
A scam email claiming to have installed Remote Access Trojan (RAT) malware and spyware on the recipient’s computer is circulating to extort money from victims. The email purports to have hacked the victim’s email, installed spyware and RAT malware, and recorded all of the machine’s activity on porn websites. If a ransom is not paid, then personal information from the computer, including porn site activity, will be hacked and embarrassing videos will be sent to all email contacts. RAT malware can be hard to detect and remove.
Scam emails like the one below try to extort the recipient into sending the scammer money. The hacker is claiming that the computer is already infected with spyware and RAT malware that has been watching and recording all activity. If the ransom is not paid, then videos of the user watching porn, along with what they were watching, will be sent to all email contacts in their hacked email address. Since activity from the device is recorded, any passwords, credit cards used for online shopping, and financial account logins are also compromised. In this case, the scammer wants to be paid $1000 USD as Bitcoin. One of the problems with a demand like this is that the average person has no idea how to set up a Bitcoin wallet or how to complete the transaction. There is also no guarantee that the malware will be removed once the ransom is paid.
What is RAT Malware?
RAT malware gives hackers unlimited remote access to your computer or network. The malware lets hackers see everything on your computer and control it remotely. This is the same type of software used as remote-control software for computer tech support. However, the device owner does not know the RAT malware exists and obviously did not give permission for a hacker to access their device.
The email claims to have hacked the email address that it was sent to. In the sample scam email, the subject line, which is the first line of the email, uses the name of the mailbox. In this case, it is “mg.” The next line is the friendly name of the email sender rather than the actual email address. This is a critical distinction in discerning a phishing scam: the friendly name of an email is easy to fake, the email address not so much. The scammer altered the friendly name to that of the recipient to support the claim in the body of the email that the account had been hacked and monitored.
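The friendly-name check described above can be automated. The following is an added example, not part of the original article: it parses a message's headers and flags a From display name (or subject) that simply copies the recipient's mailbox while the actual sender address is different. The function name, addresses and sample headers are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def friendly_name_findings(raw_message):
    """List reasons the From display name looks forged to mimic the recipient."""
    msg = message_from_string(raw_message)
    name, sender = parseaddr(msg.get("From", ""))
    name, sender = name.strip().lower(), sender.lower()
    subject = (msg.get("Subject") or "").strip().lower()
    recipients = [a.lower() for _, a in getaddresses(msg.get_all("To", [])) if a]

    findings = []
    for rcpt in recipients:
        if rcpt == sender:
            # Same address on both sides: the display name adds no signal here.
            continue
        mailbox = rcpt.split("@", 1)[0]
        if name and name in (rcpt, mailbox):
            findings.append(
                f"display name '{name}' copies recipient {rcpt}; "
                f"actual sender address is {sender}"
            )
        if subject == mailbox:
            findings.append(f"subject is just the mailbox name '{mailbox}'")
    return findings


# Constructed sample headers (not the real scam message); bodies omitted.
SCAM = (
    "From: mg <sender@mailer.invalid>\n"
    "To: mg@example.com\n"
    "Subject: mg\n"
    "\n"
    "(body omitted)\n"
)
BENIGN = (
    "From: Alice Smith <alice@example.org>\n"
    "To: mg@example.com\n"
    "Subject: Lunch on Friday\n"
    "\n"
    "(body omitted)\n"
)

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(label, friendly_name_findings(raw))
```

A hit means only that the visible name was chosen to look like the recipient; it says nothing about whether the device or mailbox was actually accessed.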
How Does RAT Malware Work?
RAT malware works just like tech support remote access software. It has unlimited administrative access to the device it is installed on. However, malware is installed without the device owner’s knowledge or permission and can be present for extended periods of time before it is detected. Malware is delivered via phishing emails, bundled with legitimate file downloads, and injected on compromised devices. RAT malware is used to spy on devices or steal data.
Remote access, including RAT malware and legitimate remote access apps, allows full admin access to everything on the device it is installed on. Remote access works as if the hacker is sitting in front of the machine. Hackers can control a computer remotely, open files, send emails, watch and record your activity on websites, intercept passwords, and even upload more malware to your machine. Hackers can also perform illegal actions online, like downloading illegal content or buying illegal items on the dark web, using your identity and your home or office network as a proxy server.
This threatening email claims to have already installed spyware and RAT malware on this computer. Since this machine was recently used to surf the deep web and also at a hotel, it is possible the machine was compromised even though it is always used with a virtual private network (VPN). The keylogger mentioned in the email is an inexpensive piece of hardware that can be purchased online. It records all keystrokes, including passwords and credit cards.
RAT Malware – What to Do
Scan your computer for viruses, malware, and other software that may have been installed without your knowledge. The device this email was sent to was not compromised, so this email was just a scam.
- Do not open emails from unknown senders. Scrutinize every email you receive to make sure the sender is who they claim they are. Do not trust the friendly name of an email
- Do not open email attachments from unknown people or companies. Be careful even if the email is from someone you know
- Do not open unsolicited email attachments
- If a website warns you that your software is out of date, do not accept the update. Go to the software’s official website and take the download from there
- Keep all hardware, devices, software, and apps up to date. Allow automatic updates so you never miss one
- Use good anti-virus software to protect your devices
- Use a VPN on an untrusted network connection
Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.