New JavaScript malware RATDispenser used to distribute RAT

黑尔加·史密斯十一月 29, 2021最後更新: 十一月 30, 2021

59 1 分鐘閱讀

Security experts at HP 發現 a new JavaScript malware called RATDispenser. The malware is used as a dropper: to infect systems and then deploy Remote Access Trojans (鼠).

According to experts, RATDispenser has been spreading for more than three months through spam emails with malicious attachments.

With an 11% detection rate, RATDispenser appears to be effective at evading security controls and delivering malware. In total, we identified eight malware families distributed using this malware during 2021. All the payloads were RATs, designed to steal information and give attackers control over victim devices.Hewlett Packard experts write.

These files use the classic double-extension trick (filename.txt.js): they pretend to be text files, but when opened, they run JavaScript code.

JavaScript

If the user launches such a file, the RATDispenser malware decodes itself and launches a stand-alone VBScript, which then installs a remote access Trojan on the infected device. Over the past three months, malware has been used to spread at least eight different RATs, including STTRAT, WSHRAT, AdWind, Formbook, Remcos, Panda Stealer, GuLoader 和 Ratty.

RATDispensers

The most interesting among them is Panda Stealer. This new family of malware, first seen in April 2021, targets cryptocurrency wallets. All of the Panda Stealer samples analyzed by the Hewlett Packard researchers were fileless variants that download additional payload from the paste.ee text storage site.

The variety of malware families, many of which can be purchased or downloaded for free from underground marketplaces, and the fact that malware operators usually prefer to distribute their own payloads, suggest that the authors of RATDispenser operate in a malware-as-a-service manner. We are particularly concerned that only 11% of anti-virus products detect RATDispenser, and as a result, this malware, in most cases, is successfully deployed to victim machines.the researchers write.

In total, HP found about 155 new malware samples belonging to three different versions, suggesting that the malware is still in development.

Let me remind you that we also talked about the fact that 新增功能 BotenaGo Botnet Uses 33 Exploits against IoT Devices.

標籤

黑尔加·史密斯十一月 29, 2021最後更新: 十一月 30, 2021

59 1 分鐘閱讀

New JavaScript malware RATDispenser used to distribute RAT

Security experts at HP 發現 a new JavaScript malware called RATDispenser. The malware is used as a dropper: to infect systems and then deploy Remote Access Trojans (鼠).

黑尔加·史密斯

留言取消回覆

Remove BGZQ Ransomware Virus (+DECRYPT .bgzq Files)

Remove BGJS Ransomware Virus (+DECRYPT .bgjs Files)

移除KAAA勒索軟件病毒 (+解密.kaaa文件)

移除UAJS勒索軟件病毒 (+解密.uajs文件)

移除USZQ勒索軟件病毒 (+解密.uazq文件)

移除VOOK勒索軟件病毒 (+DECRYPT .vook文件)

移除LOOY勒索軟件病毒 (+DECRYPT.looy文件)

移除KOOL勒索軟件病毒 (+DECRYPT .kool文件)

移除NOOD勒索軟件病毒 (+DECRYPT.nood文件)

移除WIAW勒索軟件病毒 (+解密.wiaw文件)

移除WISZ勒索軟件病毒 (+DECRYPT.wisz文件)

移除LKFR Ransomware病毒 (+DECRYPT.lkfr 文件)

移除LKHY Ransomware病毒 (+DECRYPT.lkhy文件)

移除LDHY勒索軟件病毒 (+DECRYPT .ldhy文件)

移除KVIP Ransomware病毒 (+DECRYPT .kvip文件)

Security experts at HP 發現 a new JavaScript malware called RATDispenser. The malware is used as a dropper: to infect systems and then deploy Remote Access Trojans (鼠).

黑尔加·史密斯

Cynos malware from AppGallery infiltrated at least 9.3 million Android devices

Linux惡意軟件, CronRAT嘅, 屈喺日期唔正確嘅cron作業中

留言取消回覆

相關文章

新版本嘅Magniber勒索軟件威脅Windows 11 用戶

善意勒索迫使受害者做善事

俄羅斯Fronton殭屍網絡可以做嘅不僅僅昰大規模嘅DDoS攻擊

Microsoft警告XorDdos惡意軟件活動增加