New AutoHotkey-Based Malware Attacks

The Hacker News has given us a good-to-know update about the vulnerabilities in Microsoft Windows' scripting language AutoHotkey (AHK). Cybersecurity researchers have discovered that AHK scripting language can be used to deliver multiple multiple remote access trojans (RAT) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems.



In this RAT delivery campaign, the attackers incorporate malicious scripts/executables alongside a legitimate application to disguise their intentions. The AHK interpreter and the AHK script are incorporated into the legitimate application file via the FileInstall command. Regardless of the attack chain, the infection begins with an AHK executable that proceeds to drop and execute different VBScripts that eventually load the RAT on the compromised machine.


Now where is the significance of this to me, you might be asking? Or even, "What the heck does any of this jargon even mean?"


Well, for example, many of us are working from home still with our work PCs but with a personal PC or tablet also hooked into our home network. Let's say that, even if there is no way of installing anything at all on your work PC (because of security settings already in existence), you obviously can still make changes/installations on your personal device(s). If your personal machine is compromised, and a RAT is loaded, then the cyber criminal has possibly just managed to block Microsoft Defender or blocked your future virus updates through tampering with the hosts file.



With security controls bypassed, your computer can be an open door to the hacker: an opening to the data on your own personal device and any connected cloud folders, as well as to your home network and any other attached devices.


"Watch, listen, learn." We can try to keep more ahead of the attackers if we keep informed of the threats and always remember that there is no such thing as "too small" to be a victim or someone being "unimportant" to any cyber attacker.

18 views0 comments