Security News

Agent Tesla RAT Returns in COVID-19 Vax Phish
2021-06-21 17:20

"Attached herewith is the revised circular," the malicious email reads. "Since 50 percent of the malicious emails targeted South Korea, we can speculate that threat actors were closely monitoring local news about the vaccination campaign in the country and anticipated shipment of 14 million doses of coronavirus vaccine," the spokesperson said.

Email Campaign Spreads StrRAT Fake-Ransomware RAT
2021-05-21 13:27

An email campaign is delivering a Java-based remote access trojan that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered. The Microsoft Security Intelligence team has outlined details of a "Massive email campaign" delivering the StrRAT malware that they observed last week and reported in a series of tweets earlier this week.

Fresh Loader Targets Aviation Victims with Spy RATs
2021-05-13 14:55

A cyberattack campaign that goes after aviation targets has been uncovered, which is spreading remote access trojan malware bent on cyber-espionage. Once installed, the RATs connect to a command-and-control server that's hosted on a dynamic hosting site to register with the attackers.

Novel Email-Based Campaign Targets Bloomberg Clients with RATs
2021-04-21 12:00

A new email-based campaign by an emerging threat actor aims to spread various remote access trojans to a very specific group of targets who use Bloomberg's industry-based services. Researchers have been tracking the email based campaign since Fajan first commenced activity in March, recovering a "Relatively low volume" of samples that make it tricky to determine "Whether the campaigns are carefully targeted or mass-spammed," according to a report posted online Wednesday.

Lazarus APT Hackers are now using BMP images to hide RAT malware
2021-04-19 22:33

A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap image file to drop a remote access trojan capable of stealing sensitive information. Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes said the phishing campaign started by distributing emails laced with a malicious document that it identified on April 13.

100,000 Google Sites Used to Install SolarMarker RAT
2021-04-14 14:48

Hackers are using search-engine optimization tactics to lure business users to more than 100,000 malicious Google sites that seem legitimate, but instead install a remote access trojan, used to gain a foothold on a network and later infect systems with ransomware, credential-stealers, banking trojans and other malware. Attackers use Google search redirection and drive-by-download tactics to direct unsuspecting victims to the RAT-tracked by eSentire as SolarMarker.

Google Sites blight: Over 100,000 web pages for business form searches overrun with backdoor RATs
2021-04-14 01:22

More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening business documents booby-trapped with a remote-access trojan that takes over victims' PCs and hands control to miscreants. Infosec outfit eSentire on Tuesday said it has noted a wave of so-called search redirection shenanigans, in which people Googling for business forms and the like are shown links to web pages published via Google Sites - a Google-hosted web service - that offer a download of whatever materials they were looking for.

Spy Operations Target Vietnam with Sophisticated RAT
2021-04-05 21:04

An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool for carrying out espionage operations, researchers said. Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat known as Cycldek, according to Kaspersky researchers, who added that the group has been active since at least 2013.

US taxpayers targeted with RAT malware in ongoing phishing attacks
2021-03-18 15:58

US taxpayers are being targeted by phishing attacks attempting to take over their computers using malware and steal sensitive personal and financial information. "The potential for damage is serious and the malware allows threat actors to gain full control over a victim's machine and steal sensitive information from users or their employers."

NanoCore RAT Scurries Past Email Defenses with .ZIPX Tactic
2021-03-11 18:58

That's according to researchers at Trustwave, who found that the campaign is effectively hiding a malicious executable by giving it a.ZIPX file extension, which is used to denote that a.ZIP archive format is compressed using the WinZip archiver. In reality, the appended file is an Icon image file wrapped inside a.RAR package.