Security News > 2022 > August > Escanor malware delivered in weaponized Microsoft Office documents
Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT advertised in Dark Web and Telegram called Escanor.
The threat actors offer Android-based and PC-based versions of RAT, along with HVNC module and exploit builder to weaponize Microsoft Office and Adobe PDF documents to deliver malicious code.
In the past, the actor with exactly the same moniker released 'cracked' versions of other Dark Web tools, including Venom RAT, 888 RAT and Pandora HVNC which were likely used to enrich further functionality of Escanor.
The mobile version of Escanor is actively used by cybercriminals to attack online-banking customers by interception of OTP codes.
The majority of samples detected recently has been delivered using Escanor Exploit Builder.
After the report has been released by Qihoo 360, the Escanor RAT actor has released a video detailing how the tool may be used to bypass AV detection.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)