RAT

Pierluigi Paganini February 23, 2020
ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Cisco Talos researchers discovered a new malware, tracked as ObliqueRAT, that was employed targeted attacks against organizations in Southeast Asia. Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets.  The malware was employed in targeted attacks against […]

Pierluigi Paganini December 09, 2019
New ‘PyXie’ Python RAT targets multiple industries

Researchers discovered a new Python-based RAT dubbed PyXie that has been used in campaigns targeting a wide range of industries. Experts at BlackBerry Cylance have spotted a new Python-based remote access Trojan (RAT) that has been used in campaigns targeting a wide range of industries. PyXie has been first observed in the wild in 2018, […]

Pierluigi Paganini October 01, 2019
A new Adwind variant involved in attacks on US petroleum industry

Adwind is back, a new variant of the popular RAT is targeting US petroleum industry entities with new advanced features. A new variant of the popular Adwind RAT (aka jRAT, AlienSpy, and JSocket) is targeting entities in the US petroleum industry. The new variant implements advanced features such as multi-layer obfuscation. The malware is distributed via a […]

Pierluigi Paganini August 15, 2019
Threat actors use a Backdoor and RAT combo to target the Balkans

Apparently financially-motivated threat actors carried out a long-term campaign against the Balkans involving a backdoor and a RAT to compromise the targets. Security experts from ESET uncovered a long-running campaign carried out by a financially-motivated threat actor. The attackers combined a backdoor dubbed BalkanDoor and a remote access Trojan tracked as BalkanRAT to take control […]

Pierluigi Paganini August 02, 2019
Nation-state actor uses new LookBack RAT to target US utilities

Experts warn of a phishing campaign targeting US companies in the utility sector aimed at infecting systems with a new LookBack RAT. Security experts at Proofpoint uncovered a phishing campaign targeting US companies in the utility sector aimed at infecting systems with a new LookBack RAT. “Between July 19 and July 25, 2019, several spear-phishing […]

Pierluigi Paganini July 08, 2019
Spotting RATs: Delphi wrapper makes the analysis harder

Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder Introduction In the last period, we observed an increase of the malware spreading using less-known archive types as an initial dropper, in particular, ISO image. The spread of threats exploiting ISO image to hide […]

Pierluigi Paganini July 02, 2019
After 2 years under the radars, Ratsnif emerges in OceanLotus ops

Security experts spotted a news wave of attacks carried out by the OceanLotus APT group that involved the new Ratsnif Trojan. Experts at the security firm Cylance detected a new RAT dubbed Ratsnif that was used in cyber espionage operations conducted by the OceanLotus APT group. The OceanLotus APT group, also known as APT32 or Cobalt Kitty, is state-sponsored group that […]

Pierluigi Paganini June 25, 2019
Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Researchers at Microsoft uncovered a malicious campaign that delivers the infamous FlawedAmmyy RAT directly in memory. Experts at Microsoft uncovered a malicious campaign that delivers the FlawedAmmyy RAT directly in memory. The FlawedAMMYY backdoor borrows the code of the Ammyy Admin remote access Trojan, it allows attackers to get full access to a victim’s machine. […]

Pierluigi Paganini June 17, 2019
New phishing campaign targets bank customers with WSH RAT

Security researchers at Cofense have spotted a phishing campaign aimed at commercial banking customers distributing a new remote access trojan (RAT) tracked as WSH RAT. Security experts at Cofense Phishing Defence Center have spotted a phishing campaign aimed at commercial banking customers that is distributing a new remote access trojan tracked as WSH RAT. The […]

Pierluigi Paganini January 25, 2019
The Story of Manuel’s Java RAT.

Security experts from Cybaze-Yoroi ZLab investigated two malicious spam campaigns delivering Java RAT that show some similarities. Introduction During the last weeks, the Cybaze-Yoroi ZLab researchers identified infection attempts aimed to install RAT malware directed to the naval industry sector. The malicious email messages contained a particular Adwind/JRat variant delivered via several methods tailored to […]