A new Remote Access Trojan (RAT) variant, called Mr.Skeleton, has been observed in the wild. This malware is based on the code of the notorious njRAT (Ratenjay) malware family, which has been widely used in cyberattacks. Recently, it has been advertised for sale on dark web platforms, highlighting its malicious potential. Mr.Skeleton shares many functionalities with its predecessor, allowing cybercriminals to remotely control infected devices and perform a variety of malicious actions.
The Mr.Skeleton RAT includes a range of capabilities that make it a dangerous tool for cybercriminals. These functions include remote access to and manipulation of the system’s files and registry, as well as the ability to execute commands via a remote shell. Additionally, the malware can log keystrokes and even remotely control the infected device’s camera, enabling attackers to surveil the victim without detection. These features make it a powerful tool for espionage and data theft.
Leading cybersecurity products already detect Mr.Skeleton. Symantec flags the RAT with adaptive-based and behavior-based indicators such as ACM.Ps-RgPst and SONAR.Dropper. VMware Carbon Black also detects and blocks the malware's associated malicious indicators, preventing its execution on protected systems. For Carbon Black, the recommended policy is to block all types of malware (known, suspect, and potentially unwanted programs, or PUPs) and to use cloud scan delays to maximize detection through reputation services.
To defend against this and similar threats, cybersecurity professionals recommend taking proactive measures. Organizations should ensure their security systems are up to date and configured to detect malicious activity like that exhibited by Mr.Skeleton. Additionally, users should avoid downloading suspicious files, particularly from untrusted sources, and maintain strong system defenses, such as firewalls and up-to-date anti-malware software, to mitigate the risk of RAT infections. By remaining vigilant and implementing these best practices, individuals and organizations can protect themselves from the growing threat of remote access malware.