
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
2023-07-31 08:38

Threat actors are creating fake websites that host trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity, with the goal of installing remote access trojans like Remcos RAT. "Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity vendor Doctor Web said in an analysis.

"Such installers are used as a decoy and contain not only the software potential victims are interested in, but also the trojan itself with all its components."

The exact initial access vector used in the campaign is unclear, but it could potentially range from phishing to drive-by downloads to malicious ads.

Users who land on the fake site are prompted to download a ZIP installer package.

Besides starting the standard installation process, the installer stealthily drops the Fruity trojan, Python-based malware that unpacks an MP3 file in order to load an image file and activate the multi-stage infection.

Fruity is also designed to bypass antivirus detection on the compromised host and ultimately launch the Remcos RAT payload using a technique called process doppelgänging.


News URL

https://thehackernews.com/2023/07/fruity-trojan-uses-deceptive-software.html