Trojan.KonniRat
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 6
First Seen: August 16, 2017
Last Seen: June 12, 2020
OS(es) Affected: Windows
Security researchers classify Trojan.KonniRat, or KONNI, as a Remote Access Trojan (RAT) that ran in the background of infected computers for more than three years without being detected. The small number of KONNI victims appears to have been a key factor in its remaining undetected. To introduce KONNI onto a computer, its controllers send their targets an email containing a malicious .scr file that, when opened, displays an official document that the user will want to read. While the document is being read, the malware is installed on the victim's machine. In its initial attacks, KONNI was focused on collecting information. However, like other threats, KONNI was updated, and new features were added to its initial payload. KONNI activity started in 2014, but it only appeared in security specialists' reports in 2017. The attacks performed in 2017 allowed the attackers to run arbitrary code on the infected machine, record keystrokes, collect files and take screenshots, and the attackers can attack the same victim numerous times. Recent attacks by KONNI were focused on North Korea, and KONNI may be connected to another threat named DarkHotel since it targets government representatives related to North Korea.
KONNI, as well as other threats used to attack North Korea, has drawn a lot of attention from the public and especially from security researchers, due to their efforts to combat these threats. However, malware developers always find a way to improve their creations and bypass the security community's efforts. Even so, computer users who follow the security recommendations provided by malware specialists and have strong security software installed and running will be less prone to infections like KONNI.