Security News

The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets. The remote access trojan has since been used heavily in attacks targeting Ukrainian state bodies and military systems via spoofed versions of legitimate software.

The suspected Pakistan-aligned threat actor known as SideCopy has been observed leveraging themes related to the Indian military research organization as part of an ongoing phishing campaign. Interestingly, the same attack chains have been observed to load and execute Action RAT as well as an open source remote access trojan known as AllaKore RAT. The latest infection sequence documented by Fortinet is no different, leading to the deployment of an unspecified strain of RAT that's capable of communicating with a remote server and launching additional payloads.

A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader. "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to evade detection engines," Zscaler researchers Meghraj Nandanwar and Satyam Singh said in a report published Monday.

Ukraine's cyberpolice has arrested the developer of a remote access trojan malware that infected over 10,000 computers while posing as game applications. "The man developed viral software, which he positioned as applications for computer games."

A coordinated international law enforcement exercise has taken down the online infrastructure associated with a cross-platform remote access trojan known as NetWire. "NetWire is a licensed commodity RAT offered in underground forums to non-technical users to carry out their own criminal activities," Europol's European Cybercrime Center said in a tweet.

Worldwiredlabs.com, a domain utilized by cybercriminals to distribute the NetWire remote access trojan allowed perpetrators to assume control of infected computers and extract a diverse range of sensitive information from their unsuspecting victims. Law enforcement in Switzerland seized the computer server hosting the NetWire RAT infrastructure.

International law enforcement agencies have claimed another victory over cyber criminals, after seizing the website, and taking down the infrastructure operated by crims linked to the NetWire remote access trojan. On the same day, a US judge approved a seizure warrant that allowed federal authorities in Los Angeles to seize the internet domain, and Swiss law enforcement seized the server hosting the NetWire RAT infrastructure.

An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server. Since at least 2014, NetWire has been a tool of choice in various malicious activities, including phishing attacks, BEC campaigns, and to breach corporate networks.

Cybercriminals are disguising the PlugX remote access trojan as a legitimate open-source Windows debugging tool to evade detection and compromise systems. In a recent case detailed by Trend Micro, miscreants used a PlugX variant to hijack the popular x64dbg debugging tool to go undetected.

Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "Uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. Parallax RAT grants attackers remote access to victim machines.