BlackBerry Prevents: Warzone RAT
Warzone is a Remote Access Trojan (RAT) sold as a subscription-based Malware-as-a-Service (MaaS) platform on a publicly available website rather than on the dark web. The initial subscription to the malware’s basic RAT builder is rather inexpensive, beginning at $22.95 per month, as it is designed to appeal to novice threat actors.
Advanced features such as a rootkit, hidden process capability, premium dynamic DNS (DDNS), and customer support are available with the upgraded subscription. This premium version is called “Poison”, and it’s sold at a higher fee of $879 for a three-month subscription.
Threat actors can also choose to purchase builders for document-based exploit delivery, including a recently disclosed 2021 XLL Excel exploit that the malware author claims is fully undetected, for $2100 per month.
To see how BlackBerry prevents MaaS attacks from occurring, check out the following video, and watch BlackBerry go head-to-head with a live sample of Warzone RAT.
DEMO VIDEO: BlackBerry vs. Warzone RAT
Learn more about Warzone RAT in our deep-dive blog, Threat Thursday: Warzone RAT Breeds a Litter of ScriptKiddies.
Demo Video: How BlackBerry Stops Warzone RAT
Let’s investigate this incident with two key BlackBerry® solutions: BlackBerry® Protect and BlackBerry® Optics. BlackBerry Protect is an endpoint protection product that uses our Cylance® AI machine learning model to stop threats before they can execute, providing users with pre-execution protection.
BlackBerry Protect also provides full details on the malicious file’s properties, with an exhaustive list of threat indicators identifying file anomalies, collection, and destruction capabilities.
BlackBerry Optics gives you full transparency into the attempted system compromise. With BlackBerry Optics, you can conduct automated root-cause analysis where you can clearly see the chain of activities conducted by the user that led to an attack attempt. Using BlackBerry Optics, you can identify the source domain for this attack and visualize all the related network interactions.
A third product, BlackBerry® Gateway, can sense and stop this type of malicious network activity by blocking the traffic based on IP reputation, effectively preventing the installation script from getting the malicious payload from the Internet. Using BlackBerry Gateway, the administrator of the affected system can easily analyze the event and obtain all the relevant data they need to see where the attack came from, and why BlackBerry products activated to stop the attack before it began.
Our Prevention-First Philosophy
At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill chain.
By stopping malware at this stage, BlackBerry solutions help organizations increase their resilience. It also helps to reduce infrastructure complexity and streamline security management, ensuring your business, people and endpoints are secure.