Security News > 2022 > May > New stealthy Nerbian RAT malware spotted in ongoing attacks

A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers.
The email campaigns were discovered by researchers at Proofpoint, who released a report today on the new Nerbian RAT malware.
Impersonating the WHO. The malware campaign distributing Nerbian RAT impersonates the World Health Organization, which is allegedly sending COVID-19 information to the targets.
UpdateUAV reuses code from various GitHub projects to incorporate a rich set of anti-analysis and detection-evasion mechanisms before Nerbian RAT is deployed.
All these checks make it practically impossible to get the RAT running in a sandboxed, virtualized environment, ensuring long-term stealthiness for the malware operators.
Without a doubt, Proofpoint has spotted an interesting, complex new malware that focuses on stealthiness through numerous checks, encrypted communications, and code obfuscation.
News URL
Related news
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks (source)
- ClickFix attack delivers infostealers, RATs in fake Booking.com emails (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)