The Argamal RAT (Remote Access Trojan) is a newly discovered malware family that specifically targets players of hentai games. Once a system is infected, the malware compromises it and gives attackers broad remote-control capabilities. The initial infection occurs through malicious game downloads that include a modified FFmpeg DLL; this DLL causes PowerShell scripts to run at startup, which provide persistence and download the payload.
Key technical details include:
- **Delivery Methods**: Infected games distributed via dedicated websites and torrent trackers.
- **Malicious Techniques**: The malware uses COM hijacking for persistence and executes scripts that set registry keys for future control.
- **Infrastructure**: Multiple command-and-control (C2) server addresses were identified, allowing attackers to issue commands remotely.
- **Victims**: Affected individuals are primarily located in Russia, Brazil, Germany, and Vietnam.
- **Attribution**: Based on analysis, the threat actor likely speaks Spanish, as evidenced by code comments and variable names.
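The two persistence mechanisms summarised above, COM hijacking and PowerShell launched at startup, both leave traces in the registry that a responder can check for. The following Python script is an added example, not code from the report or from the malware, of those two host-side checks: it parses a `.reg`-style export, flags per-user `InprocServer32` registrations that shadow a machine-wide CLSID or load a DLL from a user-writable directory (the classic COM-hijack pattern), and flags `Run`/`RunOnce` values that invoke PowerShell with hidden, encoded or policy-bypass switches. The export, CLSIDs, file paths and command line embedded in it are constructed placeholders so it runs offline; none of them are indicators from the Argamal report.

```python
import re
from dataclasses import dataclass

# Constructed sample: a .reg-style export of the CLSID subtrees of both hives plus the
# per-user Run key. Every CLSID, path and command line here is made up for the demo;
# the base64 blob is a placeholder (it decodes to "ABCDEF"), not a real payload.
SAMPLE_REG_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\legit.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Windows\\System32\\other.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\Game\\ffmpeg.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{99999999-8888-7777-6666-555555555555}\InprocServer32]
@="C:\\Program Files\\Vendor\\ok.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSync"="C:\\Program Files\\Vendor\\sync.exe"
"Updater"="powershell.exe -w hidden -ep bypass -enc QUJDREVG"
"""

INPROC_KEY = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\Software\\Classes\\CLSID\\(\{[0-9A-F-]+\})\\InprocServer32$",
    re.IGNORECASE,
)
RUN_KEY = re.compile(
    r"^HKEY_(?:LOCAL_MACHINE|CURRENT_USER)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?$",
    re.IGNORECASE,
)
VALUE_LINE = re.compile(r'^(@|"[^"]*")=(.*)$')
# Directories an unprivileged user can write to; a COM server DLL there is a red flag.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData)\\", re.IGNORECASE)
# PowerShell switches commonly seen in malicious autoruns (hidden window, encoded command, policy bypass).
SUSPICIOUS_PS = re.compile(
    r"powershell(?:\.exe)?.*?(?:-enc\b|-encodedcommand|-w(?:indowstyle)? hidden|-ep bypass|-executionpolicy bypass)",
    re.IGNORECASE,
)


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: value}}, unescaping backslashes."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        if current is None:
            continue
        m = VALUE_LINE.match(line)
        if m:
            name = "(Default)" if m.group(1) == "@" else m.group(1).strip('"')
            current[name] = m.group(2).strip('"').replace("\\\\", "\\")
    return keys


@dataclass(frozen=True)
class Finding:
    kind: str        # "com_hijack" or "ps_autorun"
    location: str    # CLSID, or registry path of the Run value
    detail: str      # DLL path or command line
    reasons: tuple


def find_com_hijacks(keys):
    """Flag HKCU InprocServer32 entries that shadow an HKLM CLSID or load from a user-writable path.

    COM resolves HKCU\\Software\\Classes before HKLM, so a per-user entry for a CLSID that
    is also registered machine-wide silently redirects every loader of that object."""
    servers = {"HKEY_LOCAL_MACHINE": {}, "HKEY_CURRENT_USER": {}}
    for path, values in keys.items():
        m = INPROC_KEY.match(path)
        if m and "(Default)" in values:
            servers[m.group(1).upper()][m.group(2).upper()] = values["(Default)"]
    findings = []
    for clsid, dll in servers["HKEY_CURRENT_USER"].items():
        reasons = []
        machine_dll = servers["HKEY_LOCAL_MACHINE"].get(clsid)
        if machine_dll and machine_dll.lower() != dll.lower():
            reasons.append("HKCU entry shadows the HKLM registration of the same CLSID")
        if USER_WRITABLE.search(dll):
            reasons.append("server DLL is in a user-writable directory")
        if reasons:
            findings.append(Finding("com_hijack", clsid, dll, tuple(reasons)))
    return findings


def find_powershell_autoruns(keys):
    """Flag Run/RunOnce values that launch PowerShell with evasion-style switches."""
    findings = []
    for path, values in keys.items():
        if not RUN_KEY.match(path):
            continue
        for name, cmd in values.items():
            if SUSPICIOUS_PS.search(cmd):
                findings.append(Finding("ps_autorun", f"{path}\\{name}", cmd,
                                        ("PowerShell autorun with hidden/encoded/bypass switches",)))
    return findings


def scan(text):
    """Run both checks over a .reg export and return all findings."""
    keys = parse_reg_export(text)
    return find_com_hijacks(keys) + find_powershell_autoruns(keys)


if __name__ == "__main__":
    for f in scan(SAMPLE_REG_EXPORT):
        print(f"[{f.kind}] {f.location}\n    {f.detail}\n    " + "; ".join(f.reasons))
```

On a live host the same input can be produced with `reg export HKCU\Software\Classes\CLSID` and `reg export HKLM\SOFTWARE\Classes\CLSID` (plus the Run keys) and concatenated; the shadowing check is the stronger signal, because a legitimate per-user COM registration normally has no machine-wide counterpart.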
The campaign appears ongoing, with the potential for further updates and enhancements, making detection and prevention crucial as malware sophistication increases.