Security News > 2022 > May > New stealthy Nerbian RAT malware spotted in ongoing attacks
A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers.
The email campaigns were discovered by researchers at Proofpoint, who released a report today on the new Nerbian RAT malware.
Impersonating the WHO. The malware campaign distributing Nerbian RAT impersonates the World Health Organization, which is allegedly sending COVID-19 information to the targets.
UpdateUAV reuses code from various GitHub projects to incorporate a rich set of anti-analysis and detection-evasion mechanisms before Nerbian RAT is deployed.
All these checks make it practically impossible to get the RAT running in a sandboxed, virtualized environment, ensuring long-term stealthiness for the malware operators.
Without a doubt, Proofpoint has spotted an interesting, complex new malware that focuses on stealthiness through numerous checks, encrypted communications, and code obfuscation.
News URL
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)