
How to eliminate HZ RAT from compromised devices

Also Known As: HZ RAT malware
Type: Mac Virus
Damage level: Severe

What is HZ RAT?

HZ RAT is a backdoor malware targeting macOS users (more precisely, macOS users of DingTalk and WeChat). It is important to note that a Windows version of HZ RAT also exists. To avoid potential risks, victims should remove the malware from infected computers as soon as possible.

HZ RAT unwanted application

HZ RAT overview

When executed, HZ RAT connects to a command-and-control (C2) server using a list of IP addresses embedded within the backdoor. HZ RAT supports four primary commands: executing shell commands, writing files to disk, sending files to a remote server, and checking the victim's availability.

These commands enable the attacker to perform tasks such as file management and system monitoring on the infected device. Also, HZ RAT can collect certain information about the victim and the system, including IP address, hardware specifications, list of applications, user details from WeChat and DingTalk, data from Google Password Manager, and more.

Furthermore, HZ RAT seeks to extract information from the victim's WeChat account, including their WeChat ID, email, and phone number. For DingTalk, it aims to collect organizational data, such as the user's organization and department names, usernames, corporate email addresses, and phone numbers.

HZ RAT appears to be focused on gathering user data. The fact that it also collects private IP addresses suggests it might later be used to spread across networks. The information collected about victims' companies and contacts could be leveraged for espionage and to set up future attacks.

Moreover, the commands supported by HZ RAT imply that cybercriminals may use the malware to deploy additional harmful software, such as ransomware, cryptocurrency miners, or other types of malware.

Threat Summary:
Name: HZ RAT malware
Threat Type: RAT, Backdoor
Detection Names: Avast (MacOS:Agent-ANR [Trj]), Combo Cleaner (Gen:Variant.Trojan.MAC.HZRat.1), ESET-NOD32 (A Variant Of OSX/HZRat.A), Kaspersky (HEUR:Backdoor.OSX.HZRat.gen), Full List Of Detections (VirusTotal)
Symptoms: RATs are designed to stealthily infiltrate the victim's computer and remain silent, so no particular symptoms are clearly visible on an infected machine.
Distribution Methods: Deceptive pop-up ads, free software installers (bundling)
Possible Damage: Privacy risks, identity theft, additional computer infections.
Malware Removal (Mac)

To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.

Conclusion

In conclusion, HZ RAT allows cybercriminals to remotely control infected computers and gather personal and organizational information. Its abilities indicate it could be used for further malicious activities, including deploying other harmful software. Some examples of other malware used to attack macOS users are Cthulhu, Banshee, and BeaverTail.

How did malware infiltrate my computer?

There is evidence that HZ RAT is distributed via deceptive installation packages (e.g., OpenVPNConnect.pkg). These installers pretend to be legitimate apps (e.g., OpenVPN Connect) but actually contain extra files. When the app is launched, the system runs the included files responsible for activating the HZ RAT backdoor.
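A defender-side check for this infection vector, added here as an example and not part of PCRisk's article: it reads a flat .pkg's xar table of contents and lists the Scripts archives (preinstall/postinstall, run with root privileges during installation) together with any members outside the standard package layout, so an installer that "contains extra files" stands out before it is run. The sample TOC and the build_sample_pkg helper are constructed for the example; real packages also carry a heap of payload bytes after the TOC, which this check does not need.

```python
import struct
import zlib
import xml.etree.ElementTree as ET

# A flat .pkg is a xar archive: 28-byte big-endian header, then a zlib-compressed XML
# table of contents (TOC), then a heap of payload bytes. Listing needs only header + TOC.
XAR_HEADER = struct.Struct(">4sHHQQI")  # magic, header size, version, toc comp/uncomp len, cksum alg
# Standard flat-package members; anything else outside Resources deserves a look.
EXPECTED = {"Distribution", "PackageInfo", "Payload", "Bom", "Scripts", "Resources"}
# Constructed sample TOC (not from a real package): one component plus a stray top-level file.
SAMPLE_TOC = b"""<xar><toc>
<file id="1"><name>Distribution</name><type>file</type></file>
<file id="2"><name>openvpn.pkg</name><type>directory</type>
 <file id="3"><name>Payload</name><type>file</type></file>
 <file id="4"><name>Scripts</name><type>file</type></file></file>
<file id="5"><name>init</name><type>file</type></file>
</toc></xar>"""

def build_sample_pkg(toc_xml: bytes) -> bytes:
    """Wrap a TOC in a minimal xar header (constructed sample, no heap data)."""
    comp = zlib.compress(toc_xml)
    return XAR_HEADER.pack(b"xar!", XAR_HEADER.size, 1, len(comp), len(toc_xml), 1) + comp

def read_toc(pkg: bytes) -> ET.Element:
    """Validate the xar header and return the decompressed TOC as an XML tree."""
    magic, size, version, comp_len, _, _ = XAR_HEADER.unpack_from(pkg)
    if magic != b"xar!" or size < XAR_HEADER.size or version != 1:
        raise ValueError("not a xar/flat .pkg archive")
    return ET.fromstring(zlib.decompress(pkg[size:size + comp_len]))

def list_entries(pkg: bytes) -> list:
    """Return (path, type) for every TOC entry, recursing into directories."""
    out = []
    def walk(node, prefix):
        for f in node.findall("file"):
            path = (prefix + "/" if prefix else "") + f.findtext("name", "")
            out.append((path, f.findtext("type", "")))
            walk(f, path)
    walk(read_toc(pkg).find("toc"), "")
    return out

def suspicious_entries(pkg: bytes) -> dict:
    """Flag Scripts archives (pre/postinstall, run as root) and non-standard members."""
    scripts, unexpected = [], []
    for path, _ in list_entries(pkg):
        parts = path.split("/")
        if parts[-1] == "Scripts":
            scripts.append(path)
        elif parts[-1] not in EXPECTED and not parts[-1].endswith(".pkg") and "Resources" not in parts:
            unexpected.append(path)
    return {"scripts": scripts, "unexpected": unexpected}
```

On a real package, pass the bytes of the .pkg file to suspicious_entries and then unpack the flagged Scripts archive to read what the postinstall step actually launches.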

It is also common for malware to be hidden in pirated software (or cracking tools), delivered via email (malicious links or attachments), malicious advertisements, vulnerabilities in outdated operating systems or programs, technical support scams, and similar avenues.

How to avoid malware

Do not download software from unknown sources or use pirated software, key generators, and cracking tools. Download applications and files from trusted sources, like official websites and app stores. Avoid opening files or links from suspicious emails, and do not engage with ads, pop-ups, or warnings on questionable websites.

Ensure your operating system and all applications are kept up to date, and regularly scan your computer for potential threats. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate all threats.

HZ RAT's package file contents:

HZ RAT malware contents

Fake OpenVPN Connect installer containing HZ RAT:

HZ RAT malware fake OpenVPN Connect installer



Unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Manual removal of malicious Mac applications

Click the Finder icon. In the Finder window, select "Applications". In the Applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Frequently Asked Questions (FAQ)

My computer is infected with HZ RAT, should I format my storage device to get rid of it?

Formatting your storage device can effectively remove HZ RAT and other malware. However, formatting will erase all data on your device. Thus, we recommend using Combo Cleaner to scan the operating system and remove detected threats.

What are the biggest issues that malware can cause?

Malware infiltration can lead to problems like monetary loss, identity theft, data encryption, and system crashes. Cybercriminals can also use malware to steal personal accounts or for other malicious purposes.

What is the purpose of HZ RAT?

HZ RAT is designed to provide attackers with remote control over an infected device, allowing them to execute commands, manage files, and monitor the system. It focuses on collecting detailed personal and organizational data, including from WeChat and DingTalk, and can gather system information.

How did HZ RAT infiltrate my computer?

HZ RAT is distributed through deceptive installation packages, which disguise themselves as legitimate apps but contain hidden files that activate the backdoor. It is also commonly spread through pirated software, malicious emails, ads, outdated software vulnerabilities, and technical support scams.

Will Combo Cleaner protect me from malware?

Yes, Combo Cleaner can detect and remove nearly all known malware infections. However, sophisticated malware often hides deep within the system, so a full scan is necessary to eliminate malware of this kind.


About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.
