Do you know what DOGCALL is?
DOGCALL, also known as ROKRAT, is a RAT, which is short for “Remote Access Tool.” Such a tool can help cybercriminals gain access to the targeted operating systems remotely, and, unfortunately, they usually work along with other malicious infections. According to our malware research team, this malware is part of the extensive APT37 arsenal, and so it is likely to run along with info-stealers, backdoor Trojans, malware downloaders, audio-capturing tools, and other dangerous threats. Needless to say, operating one threat is easier than operating a bunch of different hacking tools, but the attackers behind this malware are not taking the easy route. They need all of these tools to perform attacks against targets that are likely to have sophisticated security systems. To put it simply, regular Windows users are unlikely to be targeted. Of course, cybercriminals are unpredictable, and so you must learn how to remove DOGCALL in case it slithers in.
It appears that the malicious DOGCALL is a tool in the hands of attackers in North Korea. Initially, the attacks were targeted at the government and companies of South Korea. The attacks began back in 2012. Since then, the attackers have evolved, and they have found new enemies. Ultimately, anyone could become a victim of this malware. Once inside the system, this RAT can do some serious damage, and that is why it is most important to protect operating systems. After all, it is much easier to prevent malware from slithering in than deleting it once it attacks. According to our research team, DOGCALL is likely to spread in two completely different ways. It could be spread via downloaders and spam emails, in which case, the targets are meant to be tricked into executing this malware themselves. Alternatively, it could be dropped by other active infections. As we have mentioned already, the attackers behind this malware are using multiple hacking tools, and so this method of distribution is more probable.
Of course, DOGCALL itself could be used to drop additional threats. Once executed, this remote access tool is meant to gather information about the infected machine. This information is most likely to include the version of the operating system, the name of the user, the name of the computer, and data related to hardware. DOGCALL should also grab the name of the FQP of the module. The RAT was also observed capturing screenshots and creating JPG files. Once the screenshot image is captured, the gathered information is pinned to it, and then the file is sent to the attackers via Dropbox, pCloud, and Yandex cloud storage platforms. Back in 2017, ROKRAT was also using Mediafire and Twitter. The cloud platform was used for data exfiltration, and Twitter was used for C&C communications. It is also possible that the infection could download and execute more files by using these cloud services and C&C communication. To ensure that it remains undetected, the RAT performs anti-analysis checks.
In conclusion, you can say that ROKRAT is a sophisticated piece of malware and that the attackers behind it know what they are doing. While these attackers initially terrorized South Korea, it is known that they have attacked Japan, Vietnam, and countries in the Middle East as well. Ultimately, they are unpredictable, and it is hard to say who they will target next. Although the RAT is pretty much a ghost, there are ways to protect operating systems against it. Without a doubt, it is most important that systems are guarded reliably by the best security software and that IT teams implement all available security tools. It is just as crucial to install updates in time to ensure that vulnerabilities cannot be exploited. Finally, those using the systems need to be educated on how to identify, report, and destroy malware. Unfortunately, catching and then deleting DOGCALL manually might be a nightmare.
Remove DOGCALL
- Delete recently downloaded suspicious files.
- Check the Desktop, the Downloads folder, and the %TEMP% directory for suspicious files.
- If you find anything you do not recognize, Delete it immediately.
- Empty Recycle Bin.
- Immediately install and run a trusted malware scanner that could detect potential leftovers.
In non-techie terms:
DOGCALL, or ROKRAT, is a very dangerous piece of malware that can help cybercriminals gain access to the information on your operating system. The threat records system-related data and also captures screenshots to obtain this information. Since it is good at hiding itself, some victims might not even know about its existence, and it could also fall through the cracks if multiple other infections are found. Unfortunately, other infections are likely to exist along with this RAT. Although individual Windows users are unlikely to have to face this malware – as companies, institutions, and governments appear to be the main targets – everyone needs to take appropriate security measures to keep malware away. First, we advise implementing anti-malware software that would automatically remove DOGCALL and also restore Windows protection. Second, we advise installing all updates to patch vulnerabilities that could be exploited. Finally, do not forget that caution and vigilance can help you protect yourself.