RATDispenser perisian hasad JavaScript baharu digunakan untuk mengedarkan RAT

Helga SmithNovember 29, 2021Kemas Kini Terakhir: November 30, 2021
1 bacaan minit

Security experts at HP telah menemui a new JavaScript malware called RATDispenser. The malware is used as a dropper: to infect systems and then deploy Remote Access Trojans (TIKUS).

Menurut pakar, RATDispenser has been spreading for more than three months through spam emails with malicious attachments.

With an 11% detection rate, RATDispenser appears to be effective at evading security controls and delivering malware. Secara keseluruhannya, we identified eight malware families distributed using this malware during 2021. All the payloads were RATs, designed to steal information and give attackers control over victim devices.Hewlett Packard experts write.

These files use the classic double-extension trick (filename.txt.js): they pretend to be text files, but when opened, they run JavaScript code.

JavaScript

If the user launches such a file, the RATDispenser malware decodes itself and launches a stand-alone VBScript, which then installs a remote access Trojan on the infected device. Over the past three months, malware has been used to spread at least eight different RATs, including STTRAT, WSHRAT, AdWind, Formbook, Remcos, Panda Stealer, GuLoader dan Ratty.

RATDispensers

The most interesting among them is Panda Stealer. This new family of malware, first seen in April 2021, targets cryptocurrency wallets. All of the Panda Stealer samples analyzed by the Hewlett Packard researchers were fileless variants that download additional payload from the paste.ee text storage site.

The variety of malware families, many of which can be purchased or downloaded for free from underground marketplaces, and the fact that malware operators usually prefer to distribute their own payloads, suggest that the authors of RATDispenser operate in a malware-as-a-service manner. We are particularly concerned that only 11% of anti-virus products detect RATDispenser, and as a result, this malware, Dalam kebanyakan kes, is successfully deployed to victim machines.Para penyelidik menulis.
Secara keseluruhannya, HP found about 155 new malware samples belonging to three different versions, suggesting that the malware is still in development.

Izinkan saya mengingatkan anda bahawa kita juga bercakap tentang fakta itu New BotenaGo Botnet Uses 33 Eksploitasi terhadap Peranti IoT.

Tag
Helga SmithNovember 29, 2021Kemas Kini Terakhir: November 30, 2021
1 bacaan minit

Helga Smith

Saya sentiasa berminat dalam sains komputer, terutamanya keselamatan data dan tema, yang dipanggil pada masa kini "sains data", sejak awal remaja saya. Sebelum menyertai pasukan Pembuangan Virus sebagai ketua Editor, Saya bekerja sebagai pakar keselamatan siber di beberapa syarikat, including one of Amazon's contractors. Satu lagi pengalaman: Saya ada mengajar di universiti Arden dan Reading.

Tinggalkan pesanan

Your email address will not be published. Required fields are marked *

Laman web ini menggunakan Akismet untuk mengurangkan spam. Ketahui cara data ulasan anda diproses.

Butang kembali ke atas