SLOTHFULMEDIA Remote Access Trojan

March 2, 2023

If you’re trying to remove SLOTHFULMEDIA Remote Access Trojan, there are a few solutions you can try. These include installing a new program, circumventing network filters and searching for files of interest or sensitive data.

Installing

The SlothfulMedia Remote Access Trojan is an advanced Trojan horse used by various high-ranking government agencies such as the US, Britain and Canada against other countries like India and Kazakhstan. It’s likely that Russia too has recently fallen victim to this malware, suggesting that the CIA or other foreign military services may have been using it covertly to spy on their citizens.

SLOTHFULMEDIA is an example of malware whose origins remain obscure. Though not widely known, it has been linked to several high-profile hacks across multiple countries. Not only can the program steal credit card info, but it also allows malicious code to be launched onto other computers via remote access trojan (RAT), which encrypts data before allowing viewing and controlling remotely.

Avoiding Network Filtering

Remote Access Trojans (RATs) are a new breed of malware that has managed to get past the defenses of both large and small companies. While RATs possess many capabilities, they also come with risks. These include theft of files, hijacking of webcams, and installation of software on an unsuspecting system.

Combatting a remote access trojan (RAT) attack requires installing an intrusion detection system (IDS) and actively participating in your company’s security awareness training. A good starting point is learning more about the malware itself by looking into its source code, known as binaries. Furthermore, an effective anti-virus solution should detect and block any malicious code from communicating with other applications.

Exploiting a Windows zero-day vulnerability

Microsoft Windows systems have been discovered to be vulnerable to a zero-day vulnerability in the NtGdiResetDC function of the Win32k kernel driver. This flaw allows remote, unauthenticated users to take control of a system and execute arbitrary code. With this exploit, bad actors could execute applications, delete data, install programs, and even create new accounts with ease.

This vulnerability could allow hackers to read kernel memory, enabling their malicious software to download and infect the victim’s files.

This vulnerability was apparently exploited as part of an espionage campaign by Chinese-speaking hackers, who reported it to Microsoft’s Security Response Center more than a month ago; however, the company declined to issue a patch for it.

Microsoft has previously alerted to this vulnerability, noting that it’s actively being exploited. While it remains uncertain how many attackers have taken advantage of the flaw thus far, Microsoft has hinted at a larger attack surface than previously understood.

Searching for files of interest and sensitive data

SlothfulMedia is a Remote Access Trojan (RAT) created to perform an unusual task. The malware uses social engineering techniques to instigate users into executing commands and downloading malicious payloads. RATs often remain covert, masquerading as legitimate programs or applications with random paths and file names.
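The "random paths and file names" observation above is something a defender can turn into a triage check. The following script is an added example written for this page, not code from the original post or from any CISA or DoD report: it scores a list of executable paths (a constructed sample, not real telemetry) against three hypothetical heuristics that I chose for illustration, namely running from a user-writable or temp directory, a random-looking file name (no vowels, or high character entropy mixed with digits), and a name that mimics a well-known Windows binary after undoing digit-for-letter substitutions. The trusted-directory list, the writable-directory fragments and the system-name set are assumptions for the example and would be tuned per environment.

```python
import math
import ntpath
import re
from collections import Counter

# Constructed sample of executable paths as they might appear in a process listing.
# These are made-up values for the example, not indicators from any report.
SAMPLE_PROCESSES = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Users\alice\AppData\Local\Temp\xk3q9zvt.exe",
    r"C:\Users\alice\AppData\Roaming\svch0st.exe",
    r"C:\Windows\Temp\update.exe",
]

# Directories where legitimate software normally lives (assumption for the example).
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Directory fragments an unprivileged user can write to and that malware commonly drops into.
WRITABLE_FRAGMENTS = ("\\temp\\", "\\appdata\\", "\\downloads\\", "\\programdata\\", "\\public\\")
# Well-known Windows binary names a RAT may imitate (small illustrative set).
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "explorer", "winlogon", "services"}
# Digit-for-letter substitutions used to spot look-alike names such as "svch0st".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; higher means the string looks more random."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(stem: str) -> bool:
    """Heuristic: a long name with no vowels, or high entropy mixed with digits."""
    s = stem.lower()
    if len(s) < 6:
        return False
    has_vowel = bool(re.search(r"[aeiou]", s))
    has_digit = bool(re.search(r"\d", s))
    return (not has_vowel) or (has_digit and shannon_entropy(s) >= 2.9)


def classify(path: str) -> list[str]:
    """Return the reasons (possibly none) a process path deserves analyst attention."""
    reasons = []
    lower = path.lower()
    directory = ntpath.dirname(lower) + "\\"
    stem, _ = ntpath.splitext(ntpath.basename(lower))
    trusted = directory.startswith(TRUSTED_DIRS)

    if any(frag in directory for frag in WRITABLE_FRAGMENTS):
        reasons.append("runs from a user-writable or temp directory")

    # A name that resolves to a known system binary is treated as mimicry, not randomness.
    normalized = stem.translate(LEET)
    if normalized in SYSTEM_NAMES:
        if not trusted:
            reasons.append(f"name mimics system binary '{normalized}' outside a trusted directory")
    elif looks_random(stem):
        reasons.append("random-looking file name")
    return reasons


def triage(paths: list[str]) -> dict[str, list[str]]:
    """Map each flagged path to its reasons; paths with no findings are omitted."""
    return {p: r for p in paths if (r := classify(p))}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_PROCESSES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the constructed sample the two System32 / Program Files entries produce no findings, the Temp executable is flagged for both its location and its name, the Roaming copy of "svch0st.exe" is flagged as mimicry, and "update.exe" under Windows\Temp is flagged for location only. Such heuristics are a starting point for hunting, not a verdict: legitimate installers also run from Temp, so each hit still needs a look at the binary itself.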

It is essential to use a reliable antivirus solution when protecting against data collection. In the unfortunate event that your machine becomes infected, lock it up when not in use and avoid installing software from unknown sources. Furthermore, never click links in emails or advertisements from suspicious parties; if necessary, at least install an effective anti-malware tool like Malwarebytes Anti-Malware for additional protection.

SLOTHFULMEDIA is an advanced Remote Access Trojan (RAT). It can execute arbitrary commands, terminate processes and modify the registry. Furthermore, SLOTHFULMEDIA comes equipped with features that make it suitable for social engineering tricks such as email phishing attacks, fake links and attachments containing malware.

The US Department of Defense Cyber National Mission Force and Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have identified the malicious file. Besides publishing a technical report, both organizations also issued warnings and recommendations for avoiding infection. These include using reliable antivirus software, avoiding clicking on unknown websites, and installing software only from trusted sources.

SlothfulMedia has been linked to multiple attacks against Russia, India, and Malaysia, as well as suspected involvement in several incidents across the UK and Canada.

Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

