New JavaScript malware RATDispenser used to distribute RAT

Хелга Смитноември 29, 2021Последна актуализация: ноември 30, 2021
1 Минута четене

Security experts at HP са открили a new JavaScript malware called RATDispenser. The malware is used as a dropper: to infect systems and then deploy Remote Access Trojans (RAT).

Според специалисти, RATDispenser has been spreading for more than three months through spam emails with malicious attachments.

With an 11% detection rate, RATDispenser appears to be effective at evading security controls and delivering malware. In total, we identified eight malware families distributed using this malware during 2021. All the payloads were RATs, designed to steal information and give attackers control over victim devices.Hewlett Packard experts write.

These files use the classic double-extension trick (filename.txt.js): they pretend to be text files, but when opened, they run JavaScript code.

JavaScript

If the user launches such a file, the RATDispenser malware decodes itself and launches a stand-alone VBScript, which then installs a remote access Trojan on the infected device. Over the past three months, malware has been used to spread at least eight different RATs, включително STTRAT, WSHRAT, AdWind, Formbook, Remcos, Panda Stealer, GuLoader и Ratty.

RATDispensers

The most interesting among them is Panda Stealer. This new family of malware, first seen in April 2021, targets cryptocurrency wallets. All of the Panda Stealer samples analyzed by the Hewlett Packard researchers were fileless variants that download additional payload from the paste.ee text storage site.

The variety of malware families, many of which can be purchased or downloaded for free from underground marketplaces, and the fact that malware operators usually prefer to distribute their own payloads, suggest that the authors of RATDispenser operate in a malware-as-a-service manner. We are particularly concerned that only 11% of anti-virus products detect RATDispenser, and as a result, this malware, в повечето случаи, is successfully deployed to victim machines.пишат изследователите.
In total, HP found about 155 new malware samples belonging to three different versions, suggesting that the malware is still in development.

Let me remind you that we also talked about the fact that Нов Ботенаго Botnet Uses 33 Експлоатации срещу IoT устройства.

Етикети
Хелга Смитноември 29, 2021Последна актуализация: ноември 30, 2021
1 Минута четене

Хелга Смит

Винаги съм се интересувал от компютърни науки, особено сигурността на данните и темата, което се нарича в наши дни "наука за данни", от ранните ми тийнейджърски години. Преди да дойде в екипа за премахване на вируси като главен редактор, Работил съм като експерт по киберсигурност в няколко компании, включително един от изпълнителите на Amazon. Друг опит: Преподавам в университетите Арден и Рединг.

Оставете коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са маркирани *

Този сайт използва Akismet за намаляване на спама. Научете как се обработват вашите коментарни данни.

Бутон за връщане в началото