wbraveheart 0 Posted November 20, 2023 Share Posted November 20, 2023 Hi All, I am an ESET Home Security user and I have been informed by my Internet Provider that my network was infected by a Warzone RAT. They specify a specific IP Port which is linked to my NAS (Synology DSM). I use my NAS to stream movies using Plex and never download movies directly on my PC. My questions is the following: 1. I understand that RAT can only affect Windows Devices, but will ESET detect such trojan on my network? Thanks for your help. regards Link to comment Share on other sites More sharing options...
Administrators Marcos 5,306 Posted November 20, 2023 Administrators Share Posted November 20, 2023 If malware was running on your NAS and there would be no malicious communication with the machine with ESET installed, then it could not be detected either. The question is what communication did the ISP detect that they assume it was a RAT running on your NAS. There is a chance it could be a false positive. Link to comment Share on other sites More sharing options...
wbraveheart 0 Posted November 20, 2023 Author Share Posted November 20, 2023 1 hour ago, Marcos said: If malware was running on your NAS and there would be no malicious communication with the machine with ESET installed, then it could not be detected either. The question is what communication did the ISP detect that they assume it was a RAT running on your NAS. There is a chance it could be a false positive. Thanks Marcos. I only use my laptop to access my NAS using local IP address, so I dont know if there has been a malicious communication. Link to comment Share on other sites More sharing options...
itman 1,760 Posted November 20, 2023 Share Posted November 20, 2023 (edited) Blackberry has an article on Warzone RAT here: https://blogs.blackberry.com/en/2021/12/threat-thursday-warzone-rat-breeds-a-litter-of-scriptkiddies . The article is a bit dated and most AVs detect the the variants listed in the article. This might be a new variant that is currently "flying under the AV radar." Also, Warzone per se is a legit game: https://www.callofduty.com/playnow/warzone . Edited November 21, 2023 by itman Link to comment Share on other sites More sharing options...
itman 1,760 Posted November 21, 2023 Share Posted November 21, 2023 I will also add there are multiple known vulnerabilities for Synology DSM; https://www.cvedetails.com/vulnerability-list/vendor_id-11138/Synology.html Ensure all the latest software patches available by the manufacturer have been applied. Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted November 22, 2023 Most Valued Members Share Posted November 22, 2023 On 11/20/2023 at 11:06 AM, wbraveheart said: Hi All, I am an ESET Home Security user and I have been informed by my Internet Provider that my network was infected by a Warzone RAT. They specify a specific IP Port which is linked to my NAS (Synology DSM). I use my NAS to stream movies using Plex and never download movies directly on my PC. My questions is the following: 1. I understand that RAT can only affect Windows Devices, but will ESET detect such trojan on my network? Thanks for your help. regards Is your NAS exposed to internet? Link to comment Share on other sites More sharing options...
Recommended Posts