
RAT targets financial institutions and government agencies

Security researchers have identified a new campaign targeting financial institutions and government agencies with a custom version of a remote access tool called "Proyecto RAT".

The payload uses Yopmail, a disposable e-mail service, for C&C communication. Yopmail is known for creating temporary inboxes.

Infection procedure

According to the Trend Micro report, the attack primarily targets South American organizations, especially in Colombia. The infection starts with a customized e-mail sent to the target through open or compromised mail servers in the South American region.

The e-mail contains an RTF attachment and an enticing message to draw the user's attention.

The attachment contains shortened links that direct victims to file-sharing services. The delivered file is a macro-enabled MHTML file. The macro code is responsible for retrieving and executing the payload, Imminent Monitor RAT.

Imminent Monitor RAT monitors all network activity and includes the information needed to run the second stage of the payload. It supports a wide range of monitoring activities, including keylogging, file transfer, screenshot capture, and audio recording.

The second stage of the payload is "Proyecto RAT", which uses the Yopmail e-mail service for C&C communication.

The malware is linked to one mailbox, reads the only available e-mail, parses it, and then extracts the subject of the e-mail.

Researchers believe that "Proyecto RAT" is either an old and limited version of Xpert RAT, a customization of Xpert RAT, or malware based on the Xpert RAT source code.
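A defender-side check for the Yopmail C&C channel described above, as an added example that is not from the original article or the Trend Micro report: it flags internal hosts that keep returning to a disposable-mail domain in proxy logs. The log format, host names, thresholds and the `yopmail.com` watch list are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: watch list holds Yopmail's main domain; extend it for your environment.
WATCHED_DOMAINS = ("yopmail.com",)

# Constructed proxy log lines (assumed format): ISO timestamp, source host, destination host
SAMPLE_LOG = """\
2019-08-20T09:00:03 ws-014 www.yopmail.com
2019-08-20T09:10:02 ws-014 www.yopmail.com
2019-08-20T09:20:04 ws-014 www.yopmail.com
2019-08-20T09:30:01 ws-014 www.yopmail.com
2019-08-20T09:12:40 ws-022 yopmail.com
2019-08-20T09:13:05 ws-022 yopmail.com
2019-08-20T09:15:00 ws-031 notyopmail.com.example
2019-08-20T09:16:00 ws-031 intranet.example
malformed line
"""

def is_watched(host):
    """Match the watched domain itself or any subdomain, never a mere substring."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def find_recurring_contacts(log_text, min_hits=3, min_span=timedelta(minutes=15)):
    """Return {source: (hits, span)} for hosts that keep returning to a watched domain."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records instead of failing the whole run
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        if is_watched(parts[2]):
            seen[parts[1]].append(ts)
    flagged = {}
    for src, stamps in seen.items():
        span = max(stamps) - min(stamps)
        # A single visit or a short burst looks like a person; repeated contact
        # spread over time is what warrants a look at the endpoint.
        if len(stamps) >= min_hits and span >= min_span:
            flagged[src] = (len(stamps), span)
    return flagged

if __name__ == "__main__":
    for src, (hits, span) in find_recurring_contacts(SAMPLE_LOG).items():
        print(f"{src}: {hits} requests to a disposable-mail domain over {span}")
```

Tune `min_hits` and `min_span` against your own baseline, since some users visit disposable-mail services legitimately.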

The author allows you to copy this text only if you cite the source (SecNews.gr) with an active link (live URL) to the article.