LTS Secure Warning: Obfuscation Techniques Aid H-worm RAT To Evade Detection

Researchers have identified a new version of the notorious H-worm RAT, which is now making use of obfuscation techniques to avoid being detected by antivirus software.


Technical Details

The new version of the RAT uses fileless VBScript injectors that take advantage of the DynamicWrapperX component.

Infection Process:

  • Emails containing malicious links are sent to users.
  • Once the user clicks on the link inside the email, they are redirected to a malicious website, from which a zipped Visual Basic Script (VBS) file is downloaded to the victim's device.
  • Once the file is executed by the user, the RAT is installed on the device and begins its malicious activities.



Capabilities:

  • Captures screenshots.
  • Captures real-time as well as offline keystrokes.
  • Steals credentials and confidential data and sends them to the remote attacker.
  • Can fetch a live feed from the victim's webcam and microphone.
  • Propagates via storage devices such as USB drives to increase its impact radius.
  • Updates and uninstalls itself at will.
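As an added example (not code from LTS Secure or the researchers), the following triage routine for a mail gateway or download proxy flags script files inside a zip archive, matching the zipped VBS delivery described above, and raises the severity when the script references DynamicWrapperX. The extension list, severity labels, size limit and sample archive are assumptions constructed for illustration; undoing simple string concatenation covers only the most basic obfuscation.

```python
import io
import re
import zipfile

# Windows Script Host extensions that run on double-click (assumed list).
SCRIPT_EXTS = (".vbs", ".vbe", ".wsf", ".js", ".jse")
# Joins string pieces such as "Dynamic" & "WrapperX" before matching.
CONCAT = re.compile(r'"\s*[&+]\s*"')


def decode_script(raw: bytes) -> str:
    """Decode script bytes; WSH scripts are often UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")


def triage_zip(data: bytes, max_member=5_000_000):
    """Return (member, severity, reason) for each script file in a zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if not name.endswith(SCRIPT_EXTS):
                continue
            if info.file_size > max_member:
                findings.append((info.filename, "medium", "script too large to inspect"))
                continue
            text = CONCAT.sub("", decode_script(zf.read(info)))
            if "dynamicwrapperx" in text.lower():
                findings.append((info.filename, "high", "references DynamicWrapperX"))
            else:
                findings.append((info.filename, "medium", "script inside archive"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: inert text, no working payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.vbs", 'Set o = CreateObject("Dynamic" & "WrapperX")\r\n')
        zf.writestr("notes.vbs", "WScript.Echo 1\r\n".encode("utf-16"))
        zf.writestr("readme.txt", "plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

Because the page notes that this version is obfuscated, a script inside an archive is reported even when the DynamicWrapperX string is not found.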


Recommended Actions

  • Always update your anti-virus software with the latest releases.
  • Ensure that your devices are always up-to-date with the latest patches released.
  • Never download any suspicious attachments or click on any shady-looking link. Make an effort to educate your users on how to identify malspam.
  • Periodically run a “full system scan” on your endpoints.