
A new remote access Trojan (RAT) named Dark Watchman uses fileless techniques and is written mainly in JavaScript, which makes it stealthier.

Dark Watchman is stored in the Windows Registry as a script, and a scheduled task is created to launch it every time the user logs in. It also has a keylogger, which is stored as obfuscated C# code and compiled by a PowerShell script and the legitimate .NET CSC.exe tool.

The RAT can download and execute new payloads, run custom commands, upload files to a command-and-control server, and update its own code. There are indications that it downloads ransomware.
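The logon-triggered task and the PowerShell-driven CSC.exe compile described above both leave process-creation evidence that defenders can hunt for. The following is an added example, not part of the original article or any Acronis product: two hunting rules run over constructed process events. The event field names, all sample values, and the assumption that the task is created through `schtasks.exe` are illustrative; the rules are generic leads, not signatures taken from the malware.

```python
import re

# Constructed process-creation events (image, parent image, command line).
# Field names and every value are assumptions for this example, not real telemetry.
SCHTASKS = r"C:\Windows\System32\schtasks.exe"
CSC = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
EVENTS = [
    {"image": SCHTASKS, "parent": r"C:\Windows\System32\wscript.exe",
     "cmd": r'schtasks /create /tn "ConstructedTask" /sc onlogon /tr "wscript.exe C:\Users\Public\sample.js"'},
    {"image": CSC, "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r'csc.exe /noconfig /fullpaths @"C:\Users\alice\AppData\Local\Temp\sample.cmdline"'},
    {"image": CSC, "parent": r"C:\BuildTools\MSBuild.exe",  # benign: developer build
     "cmd": r"csc.exe /out:app.exe Program.cs"},
    {"image": SCHTASKS, "parent": r"C:\Windows\System32\cmd.exe",  # benign: daily job
     "cmd": r'schtasks /create /tn "Backup" /sc daily /tr "C:\Tools\backup.exe"'},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
TASK_ACTION = re.compile(r'/tr\s+(?:"([^"]*)"|(\S+))', re.I)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()

def csc_spawned_by_powershell(ev):
    """C# compiler launched by Windows PowerShell (Add-Type does this too, so review the parent script)."""
    return basename(ev["image"]) == "csc.exe" and basename(ev["parent"]) == "powershell.exe"

def logon_task_runs_script_host(ev):
    """schtasks /create with a logon trigger whose action starts a script interpreter."""
    cmd = ev["cmd"]
    if basename(ev["image"]) != "schtasks.exe" or not re.search(r"/create\b", cmd, re.I):
        return False
    if not re.search(r"/sc\s+onlogon\b", cmd, re.I):
        return False
    m = TASK_ACTION.search(cmd)
    parts = (m.group(1) or m.group(2) or "").split() if m else []
    return bool(parts) and basename(parts[0]) in SCRIPT_HOSTS

RULES = [csc_spawned_by_powershell, logon_task_runs_script_host]

def triage(events):
    """Return (event index, rule name) for every rule that fires."""
    return [(i, rule.__name__) for i, ev in enumerate(events) for rule in RULES if rule(ev)]

if __name__ == "__main__":
    for idx, name in triage(EVENTS):
        print(f"event {idx}: {name} -> {EVENTS[idx]['cmd']}")
```

Both rules also match legitimate administration scripts, so treat a hit as a lead to correlate with the parent script and the registry data it reads rather than as a verdict.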

The behavioral detection and machine intelligence capabilities in Acronis Cyber Protect effectively block both existing and brand-new malware threats, including fileless variants, before they can do any damage to your systems.

About Acronis

Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 2,000 employees in 45 locations. The Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by 18,000 service providers to protect over 750,000 businesses.
