Security News > 2022 > May > New stealthy Nerbian RAT malware spotted in ongoing attacks
A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers.
The email campaigns were discovered by researchers at Proofpoint, who released a report today on the new Nerbian RAT malware.
Impersonating the WHO. The malware campaign distributing Nerbian RAT impersonates the World Health Organization, which is allegedly sending COVID-19 information to the targets.
UpdateUAV reuses code from various GitHub projects to incorporate a rich set of anti-analysis and detection-evasion mechanisms before Nerbian RAT is deployed.
All these checks make it practically impossible to get the RAT running in a sandboxed, virtualized environment, ensuring long-term stealthiness for the malware operators.
Without a doubt, Proofpoint has spotted an interesting, complex new malware that focuses on stealthiness through numerous checks, encrypted communications, and code obfuscation.
News URL
Related news
- New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)