A new, sophisticated phishing attack has been observed delivering AsyncRAT, a remote access trojan, as part of a malware campaign believed to have commenced last year.
Using a simple email phishing tactic with an HTML attachment, threat actors are delivering AsyncRAT, which is designed to remotely monitor and control infected computers through a secure, encrypted connection.
The intrusions start with an email message containing an HTML attachment disguised as an order confirmation, which redirects the message recipient to a web page prompting the user to save an ISO file.
When the victim opens the ISO file, it is automatically mounted as a DVD drive on the Windows host. The mounted image contains either a .BAT or a .VBS file, which continues the infection chain by executing a PowerShell command that retrieves a next-stage component.
RATs such as AsyncRAT are typically used to create a remote link between a threat actor and a victim device, steal information, and conduct surveillance through microphones and cameras. They provide an array of advanced capabilities that give the attackers the ability to fully monitor and control the compromised machines.
The latest RAT campaign cleverly uses JavaScript to locally create the ISO file from a Base64-encoded string and mimic the download process, unlike other attacks that route the victim to a phishing domain set up explicitly for downloading the next-stage malware.
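For mail-gateway or triage use, the check below flags an HTML attachment that embeds a Base64 string decoding to an ISO 9660 image alongside script that saves a file locally. It is an added example, not code from the campaign or the original report; the list of JavaScript indicators, the function names and the sample attachment are assumptions constructed for illustration.

```python
import base64
import re

ISO_MAGIC = b"CD001"        # ISO 9660 volume descriptor identifier
ISO_MAGIC_OFFSET = 0x8001   # sector 16 (16 * 2048 bytes) plus the 1-byte type field
# Browser APIs commonly used to build and save a file client-side (assumed indicator list).
JS_SAVE_HINTS = ("atob(", "new Blob(", "createObjectURL(", "msSaveOrOpenBlob(", ".download")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{256,}={0,2}")
SPLIT_LITERAL = re.compile(r"""["']\s*\+\s*["']""")  # "abc" + "def" string concatenation

def decode_b64(run):
    """Decode a Base64 run, tolerating missing padding; return None if it is not Base64."""
    body = run.rstrip("=")
    if len(body) % 4 == 1:      # one stray character cannot encode a byte; drop it
        body = body[:-1]
    try:
        return base64.b64decode(body + "=" * (-len(body) % 4))
    except ValueError:
        return None

def scan_html_attachment(html):
    """Report whether an HTML attachment carries an ISO image plus script that saves it."""
    joined = SPLIT_LITERAL.sub("", html)    # rejoin payloads split across literals
    hints = [h for h in JS_SAVE_HINTS if h in joined]
    embedded_iso = False
    for match in B64_RUN.finditer(joined):
        data = decode_b64(match.group())
        if data and data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC:
            embedded_iso = True
            break
    return {"embedded_iso": embedded_iso, "js_save_hints": hints,
            "suspicious": embedded_iso and bool(hints)}

def build_sample():
    """Constructed input: an empty image carrying only the ISO 9660 marker, split in two."""
    iso = bytes(0x8000) + b"\x01" + ISO_MAGIC + b"\x01" + bytes(2041)
    b64 = base64.b64encode(iso).decode()
    half = len(b64) // 2
    return ('<html><script>var d="%s" + "%s";var b=new Blob([atob(d)]);'
            'a.href=URL.createObjectURL(b);a.download="order.iso";</script></html>'
            % (b64[:half], b64[half:]))

if __name__ == "__main__":
    print(scan_html_attachment(build_sample()))
```

A hit on `embedded_iso` alone is still worth reviewing, since an order confirmation has no reason to embed a disc image; the script indicators raise confidence that the page writes it to disk without contacting a download server.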