Kedi RAT

What is Kedi RAT?

Kedi RAT is an old computer infection that first came to light in 2017. It is a remote access Trojan, and as such, it can collect sensitive information on the infected system and then transfer that information to its C&C (command and control). What the hackers behind this infection do with the stolen information is hard to say. However, it is clear that one shouldn’t underestimate this Trojan. If you know for sure that your computer or your computer network is infected with this threat, you have to remove Kedi RAT at once. If manual removal is too much of a hassle for you, please invest in a powerful security tool to do the job for you.

Where does Kedi RAT come from?

Like most Trojan infections these days, Kedi RAT spreads through spam emails. Perhaps you have heard that line multiple times before, and you find it annoying. Trust us, we find it annoying, too. But the truth is that spam emails remain one of the major channels for malware distribution, and users still fall for the same tricks.

It also means that folks who get infected with Kedi RAT download this program themselves. Of course, when they download the Trojan installer, they think they are downloading an Adobe file because that’s what the Trojan masquerades as. The nature is in the name – Trojan. These dangerous infections pretend to be something they are not, so that users allow them to enter the target systems.

So the spam emails that deliver Kedi RAT look like normal messages from reliable senders, and the Trojan installer file looks like an Adobe file. However, once you launch that file, you install the Trojan on your system, and Kedi RAT is very sneaky in the way it operates.

What does Kedi RAT do?

For one, this Trojan is good at avoiding security programs. If your antispyware product is not up-to-date, it might not detect the Trojan at all. Second, Kedi RAT is good at stealing your data behind your back and sending the stolen information (which usually includes screenshots of your desktop) back to its C&C via your own Gmail account. How sneaky can a program get?

Another thing we would like to emphasize here is that Kedi RAT is part of a spear phishing attack. It means that the spam emails that distribute this infection do not reach their victims at random. Spear phishing attacks usually target specific users, and so we have grounds to believe that this Trojan was created to steal information from bigger companies and firms. This means that companies and corporations should consider educating their employees about the latest types of malware, because one single click on that installer file could infect the entire computer network.

What’s more, Kedi RAT is very good at tricking users into thinking it is a benign file. When users launch the malicious installer, it looks like a Citrix utility updater, and if you use this workspace app in your firm, no one might notice that something is off at first.

As a result, Kedi RAT slithers into multiple systems and then proceeds to do whatever it was programmed to do. We already know that the Trojan is there to steal your sensitive information, but it can also download more malicious files and open backdoors, thus allowing other malware infections to enter the target system.

As mentioned, it uses Gmail to receive instructions from its C&C. Researchers say that Kedi RAT finds the latest unread message, grabs its content, and then parses commands from it. It is definitely a rather inventive way of communication between the infection and its C&C. We can only expect to see even more intricate solutions in the future.

How do I remove Kedi RAT?

Manual removal is definitely possible, but we wouldn’t recommend it unless you are an experienced computer user. Keep in mind that there could be more threats installed on your system, so it would be best to rely on an automated malware removal tool.

However, let’s not forget that a security tool of your choice isn’t the only thing that protects your system. The way you interact with unfamiliar content, either on the web or in your inbox, also speaks volumes about your attitude to computer and personal information security.

Manual Kedi RAT Removal

  1. Press Win+R and enter %AppData%. Press OK.
  2. Open adobe and delete the reader_sl.exe file.
  3. Press Win+R and type %ALLUSERSPROFILE%. Click OK.
  4. Navigate to Microsoft\Windows\Start Menu\Programs\Startup.
  5. Remove the reader_sl.exe file.
  6. Use SpyHunter to scan your computer.
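
The file checks in steps 1 to 5, written as an added PowerShell example (not part of the original guide or of any vendor tool). It goes beyond step 1 by checking the adobe folder under every user profile rather than only the current user's %AppData%, and it reports a hash and signature status for each hit. The -Quarantine switch, the quarantine directory and the way the profile root is derived are assumptions of this example.

```powershell
# Added example: looks for reader_sl.exe in the two locations named in the steps above.
# Run from an elevated PowerShell prompt. -Quarantine exists only in this script.
param(
    [switch]$Quarantine,
    [string]$QuarantineDir = "$env:SystemDrive\Quarantine"   # assumed location
)

$fileName = 'reader_sl.exe'

# Steps 1-2: <profile>\AppData\Roaming\adobe, for every profile folder.
# Assumption: all profiles sit beside the current one (usually C:\Users).
$profileRoot = Split-Path -Path $env:USERPROFILE -Parent
$candidates = @(Get-ChildItem -Path $profileRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName "AppData\Roaming\adobe\$fileName" })

# Steps 3-5: the all-users Startup folder.
$candidates += Join-Path $env:ALLUSERSPROFILE "Microsoft\Windows\Start Menu\Programs\Startup\$fileName"

$found = @(foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Path      = $item.FullName
            Created   = $item.CreationTime
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
        }
    }
})

if ($found.Count -eq 0) {
    Write-Output "No $fileName found in the checked locations."
    return
}

$found | Format-List | Out-Host

if ($Quarantine) {
    New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
    foreach ($hit in $found) {
        # Rename on move so the copy cannot be launched by a double-click.
        $dest = Join-Path $QuarantineDir ("{0}_{1}.quarantine" -f $hit.SHA256.Substring(0, 12), $fileName)
        Move-Item -LiteralPath $hit.Path -Destination $dest -Force
        Write-Output "Moved $($hit.Path) -> $dest"
    }
}
```

Without -Quarantine the script only reports. Moving a file that is currently running can fail, in which case the process has to be ended first.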
