Ratty-infected PDFs spy on users' cameras and microphones

Cybercriminals are relentless, and with the expansion of remote work, users have become easy targets. Cybersecurity specialist ESET has identified malware called Ratty that hides in PDF files. It is a remote access Trojan (RAT) capable of controlling cameras and microphones and capturing screens on computers and cell phones.
Currently, this malware primarily affects users in Peru, but its rapid spread across the internet makes the threat global. Attackers use social engineering to deceive victims through phishing emails that appear to be legitimate invoices or other documents.
The malicious campaign begins with an email containing an attachment named Invoice.pdf. Upon opening it, the victim is tricked into downloading an HTML file that executes a VBS script on Windows systems. This script installs the Ratty Trojan on the device, allowing the attacker to access sensitive information without the user's knowledge.
Once active, Ratty can record audio via microphones, capture video from the webcam, take screenshots, and even control the computer, locking the mouse and screen to prevent user interaction. The collected data can be leaked on the dark web or used for extortion.
Cybercriminals distribute infected files using cloud storage services such as Google Drive, Dropbox, and Mediafire. Social engineering is key: the emails appear to be from trusted sources so the victim will click unsuspectingly.
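As an added example (not code from ESET or from this article), the following script statically triages a PDF attachment without opening it in a reader: it lists the link targets embedded in the file and flags any that point to a file-sharing service. It assumes the lure carries an ordinary link annotation; the hostnames, the sample bytes and the placeholder URL are constructed for the illustration.

```python
import re
import zlib
from urllib.parse import urlparse

# Hostnames for the services named in the article (assumed for this example).
SHARING_HOSTS = ("drive.google.com", "dropbox.com", "mediafire.com")
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
AUTO_KEYS = (b"/OpenAction", b"/Launch", b"/JavaScript")

# Constructed sample: one link annotation with a placeholder URL.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI "
          b"/URI (https://www.dropbox.com/s/PLACEHOLDER/Invoice.html?dl=1) >> >>\n"
          b"endobj\n%%EOF\n")


def searchable_bytes(pdf: bytes) -> bytes:
    """Return the raw file plus every stream that inflates as Flate data."""
    parts = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # other filter or encrypted: needs a full PDF parser
    return b"\n".join(parts)


def triage_pdf(pdf: bytes) -> dict:
    """List link targets and flag ones that point at file-sharing hosts."""
    data = searchable_bytes(pdf)
    links = []
    for raw in URI_RE.findall(data):
        url = re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")  # unescape \( \)
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:
            host = ""  # malformed URL: keep it in the list, unflagged
        shared = any(host == h or host.endswith("." + h) for h in SHARING_HOSTS)
        links.append({"url": url, "host": host, "file_sharing": shared})
    return {
        "links": links,
        "auto_actions": [k.decode() for k in AUTO_KEYS if k in data],
        "review": any(link["file_sharing"] for link in links),
    }


if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A `review` result of `True` only means the attachment links out to a file-sharing host and deserves a closer look; links inside encrypted or non-Flate streams are not seen by this check.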
Fabiana Ramírez, a researcher at ESET Latin America, emphasized that Ratty is not common in the region, but its versatility makes it especially dangerous. Its ability to exfiltrate data and control devices makes it a significant risk for users and businesses.
Avoiding these types of attacks doesn't require being a computer expert. The essential measures are not opening or downloading files from unexpected emails, always verifying the sender's address, keeping systems and programs up to date, activating reliable antivirus software, and avoiding public Wi-Fi networks.
If you receive a suspicious PDF, it's best to delete it immediately. Reviewing app permissions on mobile phones and computers can alert you to unauthorized access to your camera, microphone, or files. Enabling two-step verification on email services and digital platforms adds an extra layer of protection and can reduce intrusion attempts by up to 90%.
The spread of Ratty demonstrates the need to educate users about computer security. Knowledge of phishing, malware, and good browsing practices can prevent most attacks. Companies should implement security protocols and educate employees about the risks of opening unknown files and connecting to public networks.
The Ratty threat is a reminder that digital security is a shared responsibility. Users, institutions, and governments must be vigilant and take preventive measures to protect personal and corporate information from cybercriminals.
La Verdad Yucatán