
New JavaScript malware infects Windows PCs with RATs

A new JavaScript loader called RATDispenser is used to infect devices with a variety of remote access trojans (RATs) in phishing attacks.


The new loader quickly created distribution partnerships with at least eight malware families, all designed to steal information and give hackers control of targeted devices.

In 94% of cases analyzed by the HP Threat Research team, RATDispenser does not communicate with a hacker-controlled server and is used exclusively as a first-level malware dropper.


In contrast to the current trend of using Microsoft Office documents to drop payloads, this loader uses JavaScript attachments, which HP has found to have low detection rates.

The infection starts with a phishing email that carries a malicious JavaScript attachment with a ".TXT.js" double extension. Because Windows hides known file extensions by default, a recipient who saves the file to their computer will see it as a harmless text file.


The file is heavily obfuscated to evade detection by security software and is only decoded when it is double-clicked and launched.

Once launched, the loader writes a VBScript file to the %TEMP% folder, which is then run to download the malware (RAT) payload.

These levels of obfuscation help prevent malware from being detected in 89% of cases, based on VirusTotal scan results.

However, email gateways will detect the loader if the organization has enabled blocking of executable attachments, such as .js, .exe, .bat, .com files.

Another way to stop the infection chain from unfolding is to change the default file handler for .js files (so that double-clicking opens them in a text editor instead of executing them), allow only digitally signed scripts to run, or disable Windows Script Host (WSH).
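As an added illustration of the gateway-side control described above (this is not code from the article or from HP), the following Python filter decides on the extension Windows would actually use to pick a handler, so a ".TXT.js" attachment is judged as .js. The block list beyond .js, .exe, .bat and .com is an assumption, and the sample message is constructed inline.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article names (.js, .exe, .bat, .com) plus assumed
# additions that Windows hands to the same script/shell handlers.
BLOCKED_EXTENSIONS = {".js", ".exe", ".bat", ".com",
                      ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".cmd", ".scr", ".hta"}


def effective_extension(filename: str) -> str:
    """Return the extension Windows uses to choose a handler for the file.

    Only the last suffix counts, so 'invoice.TXT.js' is a .js file even
    though Explorer shows 'invoice.TXT' when extensions are hidden.
    Trailing dots and spaces are stripped because Windows ignores them.
    """
    name = filename.strip().rstrip(". ")
    base = name.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    if "." not in base:
        return ""
    return "." + base.rsplit(".", 1)[-1].lower()


def blocked_attachments(raw_message: bytes) -> list:
    """Parse an RFC 822 message and return attachment names that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and effective_extension(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample: a phishing-style message with a '.TXT.js' attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Shipping confirmation"
    msg.set_content("Please see the attached confirmation.")
    # Placeholder bytes, not a real script; only the filename matters here.
    msg.add_attachment(b"// placeholder", maintype="application",
                       subtype="octet-stream", filename="confirmation.TXT.js")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))  # ['confirmation.TXT.js']
```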

Over the past three months, HP researchers have recovered eight different malware payloads from RATDispenser.


The malware families detected are STRRAT, WSHRAT, AdWind, Formbook, Remcos, Panda Stealer, GuLoader and Ratty.

In 10 of the 155 samples analyzed, the loader included C2 communication for retrieving a second-stage payload, so although this is rare, the functionality is there.

In 81% of malware drop cases, RATDispenser distributes STRRAT and WSHRAT (also known as Houdini), two powerful credential thieves and keyloggers.

Panda Stealer and Formbook are the only two payloads that are always downloaded from a remote server rather than dropped directly by the loader.

Overall, RATDispenser appears to serve the distribution of both old and new malware, acting as a flexible loader for threat actors of all skill levels.

Source of information: bleepingcomputer.com

Teo Ehc (https://www.secnews.gr)