SectopRAT: New version adds encrypted


SectopRAT, also known as 1xxbot or Asatafar, was an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version capable of?

Infections and aliases

New SectopRAT infection attempts in our telemetry prompted me to investigate the threat, which seemed to be in its infancy at the time of the first article. The malware has since been refined and has gained more features. To sum up the first article: SectopRAT uses a second, hidden desktop to allow remote control. Parts of it seem unfinished.

