New JavaScript malware RATDispenser used to distribute RATs
Security experts at HP have discovered a new JavaScript malware called RATDispenser. The malware is used as a dropper: it infects systems and then deploys Remote Access Trojans (RATs).
According to experts, RATDispenser has been spreading for more than three months through spam emails with malicious attachments.
These files use the classic double-extension trick (filename.txt.js): they pretend to be text files, but when opened, they run JavaScript code.
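A mail-gateway style check for the double-extension names described above, as an added example that is not from HP's report or the original article. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions that Windows Script Host or the shell will execute (assumed list).
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "wsh", "hta"}
# Harmless-looking extensions used as the decoy part of the name (assumed list).
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}

def is_double_extension(filename):
    """True when a name like 'filename.txt.js' hides a script behind a decoy extension."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 3:
        return False
    # Tolerate whitespace padding placed before the final extension.
    return parts[-1] in SCRIPT_EXTS and parts[-2].strip() in DECOY_EXTS

def suspicious_attachments(raw_message):
    """Return the attachment filenames in a raw e-mail that use the trick."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # also decodes RFC 2231 encoded names
        if filename and is_double_extension(filename):
            hits.append(filename)
    return hits

def build_sample():
    """Constructed sample message: one disguised script, one benign attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Order details"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="Order_details.txt.js")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="readme.v2.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name in suspicious_attachments(build_sample()):
        print("double-extension script attachment:", name)
```

Legitimate names such as `jquery.min.js` pass because the second-to-last part must be on the decoy list.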
If the user launches such a file, the RATDispenser malware decodes itself and launches a stand-alone VBScript, which then installs a remote access Trojan on the infected device. Over the past three months, the malware has been used to spread at least eight different RATs, including STRRAT, WSHRAT, AdWind, Formbook, Remcos, Panda Stealer, GuLoader and Ratty.
The most interesting among them is Panda Stealer. This new family of malware, first seen in April 2021, targets cryptocurrency wallets. All of the Panda Stealer samples analyzed by the Hewlett Packard researchers were fileless variants that download additional payload from the paste.ee text storage site.
Let me remind you that we also talked about the fact that the New BotenaGo Botnet Uses 33 Exploits Against IoT Devices.