Windows systems could be completely compromised in attacks involving the advanced DuplexSpy RAT malware, which combines a complex persistence technique with sophisticated encryption methods, Cyber Security News reports.

Aside from real-time screen capturing, keylogging, and interactive command shell access, which allow extensive surveillance, DuplexSpy RAT also uses a two-pronged persistence approach that begins with the execution of a sophisticated installer routine during initialization and involves self-copying to the startup folder concurrently with registry entry creation, a report from CYFIRMA showed. Modern anti-analysis techniques have also been integrated into DuplexSpy RAT, which was observed monitoring system processes at 100-millisecond intervals and terminating security software processes upon detecting them. Researchers also found that fileless execution tactics used by DuplexSpy RAT have increased its stealth.

The fully in-memory operations and robust persistence exhibited by DuplexSpy RAT indicate the growing sophistication of remote access trojans, which requires the adoption of more advanced detection systems.
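
One way to hunt for the two-pronged persistence described above, as an added example that is not taken from the CYFIRMA report or the article: it flags any process that writes to a startup folder and to an autostart registry value within a few seconds of each other. The event schema, the sample events, the 5-second window and the Run-key path are assumptions; the article does not name the registry key.

```python
from datetime import datetime, timedelta

# Assumed paths: the article says "startup folder" and "registry entry" only.
# These are the standard Windows autostart locations, matched in lowercase.
STARTUP_DIR = r"\microsoft\windows\start menu\programs\startup" + "\\"
RUN_KEY = r"\software\microsoft\windows\currentversion\run" + "\\"

def classify(event):
    """Label an event 'file', 'reg', or None (not persistence-related)."""
    target = event["target"].lower()
    if event["type"] == "file_create" and STARTUP_DIR in target:
        return "file"
    if event["type"] == "reg_set" and RUN_KEY in target:
        return "reg"
    return None

def find_dual_persistence(events, window_s=5):
    """Return (pid, image, file_target, reg_target) for each process that
    writes both autostart locations within window_s seconds, in any order."""
    window = timedelta(seconds=window_s)
    by_proc = {}
    for event in events:
        kind = classify(event)
        if kind:
            key = (event["pid"], event["image"].lower())
            by_proc.setdefault(key, {"file": [], "reg": []})[kind].append(event)
    return [(pid, image, f["target"], r["target"])
            for (pid, image), slot in by_proc.items()
            for f in slot["file"] for r in slot["reg"]
            if abs(f["time"] - r["time"]) <= window]

# Constructed sample telemetry (hypothetical schema, not real DuplexSpy data).
T0 = datetime(2025, 1, 1, 9, 0, 0)
def make_event(sec, pid, image, etype, target):
    return {"time": T0 + timedelta(seconds=sec), "pid": pid,
            "image": image, "type": etype, "target": target}

STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
RUN = r"HKU\S-1-5-21-CONSTRUCTED\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = [
    make_event(0, 4120, r"C:\Users\alice\Downloads\tool.exe", "file_create", STARTUP + r"\tool.exe"),
    make_event(1, 4120, r"C:\Users\alice\Downloads\tool.exe", "reg_set", RUN + r"\Tool"),
    make_event(2, 900, r"C:\Program Files\App\setup.exe", "reg_set", RUN + r"\App"),  # registry only
    make_event(3, 2200, r"C:\Tools\sync.exe", "file_create", STARTUP + r"\sync.lnk"),
    make_event(600, 2200, r"C:\Tools\sync.exe", "reg_set", RUN + r"\Sync"),  # too far apart
]

if __name__ == "__main__":
    for hit in find_dual_persistence(SAMPLE):
        print("dual persistence:", hit)
```

Legitimate installers sometimes write one of the two locations, which is why the rule requires both from the same process inside the window rather than alerting on either alone.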