Security News

Uncle Sam blames best pal China as Taidoor crew's dirty RAT takes aim at Western orgs, some have their doubts
2020-08-04 14:06

A Chinese state-backed hacking crew named Taidoor is deploying a custom remote access trojan against Western organisations, according to US authorities. Taidoor is said by the Americans to be sponsored by the Chinese government, with their aim being "To maintain a presence on victim networks and to further network exploitation".

‘Coronavirus Report’ Emails Spread NetSupport RAT, Microsoft Warns
2020-05-22 15:39

Attackers use the ongoing coronavirus pandemic as a lure, as well as malicious Excel documents, to convince victims to execute the RAT. Researchers with Microsoft's security intelligence team said this week that the ongoing campaign started on May 12 and has used several hundred unique malicious Excel 4.0 attachments thus far - a trend that researchers said they've seen steadily increase over the past month. The emails are titled "WHO COVID-19 SITUATION REPORT" and claim to give an update on the confirmed cases and deaths related to the ongoing pandemic in the U.S. The attached malicious Excel 4.0 document opens with a security warning and shows a graph of supposed coronavirus cases in the U.S. If a victim enables it, the macro is downloaded and the NetSupport Manager RAT is executed.

North Korean Hackers Release Mac Variant of Dacls RAT
2020-05-07 14:46

North Korea-linked hacking group Lazarus has been leveraging a Mac variant of the Dacls Remote Access Trojan, Malwarebytes reports. Last year, security researchers identified at least two macOS-targeting malware families used by Lazarus in attacks, and a new one appears to have been added to their arsenal: a Mac variant of the Linux-based Dacls RAT. Initially identified by security researchers with Qihoo 360 NetLab in December 2019, the Dacls backdoor targeted both Windows and Linux systems.

Taxpayers Targeted With Improved NetWire RAT Variant
2020-04-15 21:07

A new variant of the NetWire remote access trojan is hitching a ride on IRS-themed phishing ploys targeting taxpayers in hopes of snatching victims' credentials and tax information. The NetWire variant's payload has also been given a facelift, with improved keylogger and credential-collecting features.

Boost security defenses against Kwampirs RAT malware with new list of IOCs
2020-03-25 13:00

ReversingLabs has analyzed clues from attacks by the Kwampirs remote access trojan to help software companies defend their organizations against this malware. In addition to attacks against supply chain software providers, the FBI said the same malware was also used in attacks against healthcare, energy, and financial companies.

APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT
2020-03-17 15:07

A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims' browsers, capturing screenshots, collecting anti-virus software information, and listing the running processes, drives and directories from victim machines. Once victims click on the attached malicious document and enable macros, the Crimson RAT is dropped.

NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs
2020-03-02 21:59

If a recipient opens the document via Microsoft Office Outlook, a prompt appears that asks users to "Enable content" to open the document - clicking "Yes" executes macros. This contains another PowerShell script that is responsible for installing the NetSupport Manager RAT onto the victim's machine.

Iran-Linked RAT Used in Recent Attacks on European Energy Sector
2020-01-23 13:12

Attacks recently identified to target a key organization in the European energy sector have employed a remote access Trojan previously associated with Iran-linked threat actors, Recorded Future reports. The researchers were able to identify a PupyRAT command and control server that communicated with a mail server for a European energy sector organization between November 2019 and at least January 5, 2020.

Liverpool Voyeur Used IM-RAT to Video Women at Home
2020-01-08 18:13

The defendant, Scott Crowley, said in a court hearing that he used Imminent Monitor to hack the victims' computer and phone webcams so he could spy on them and film them in various compromising positions, including undressing and having sex. The prosecutor on the case said that in examining Crowley's computer, officers discovered three folders named after each of his victims; these contained images and videos of the women undressing, and in some cases having sex.

New 'PyXie' RAT Used Against Multiple Industries
2019-12-04 15:05

A new Python-based remote access Trojan (RAT) has been used in campaigns targeting a wide range of industries, BlackBerry Cylance revealed this week.