Remote Access Trojan
Orion RAT
First seen: 2023-08 • Status: active
Currently Active Threat
Orion RAT can secretly view and control your screen, steal passwords, and replace cryptocurrency addresses.
Overview
Orion RAT is a commercial RAT offering HVNC (Hidden Virtual Network Computing), stealer capabilities, and crypto clipper functionality.
Also Known As
OrionRAT
How It Spreads
- • Phishing
- • Cracked software
What It Does
- • Hidden VNC
- • Credential theft
- • Crypto address replacement
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor for HVNC indicators
MITRE ATT&CK Techniques
T1219, T1555, T1115
If You're Infected
- 1.
Full malware scan
- 2.
Verify crypto transactions
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required