Intrusions spreading the FatalRAT malware have been deployed against information technology, telecommunications, manufacturing, healthcare, energy, logistics, construction, government, and transportation organizations in China, Japan, South Korea, Taiwan, Hong Kong, Thailand, Singapore, Malaysia, Vietnam, and the Philippines as part of a sweeping phishing campaign, according to The Hacker News.
Suspected Chinese-speaking threat actors distributed malicious emails carrying a ZIP archive that executed a first-stage loader; the loader fetched a FatalRAT configurator and a DLL file from Youdao Cloud Notes, and that DLL in turn installed FatalRAT from myqcloud, a Chinese cloud content delivery network, a report from Kaspersky ICS CERT showed.
Aside from conducting extensive checks of the targeted environment, FatalRAT terminates all rundll32.exe processes and collects system and security-software information before proceeding to keystroke logging, browser data theft, Master Boot Record corruption, arbitrary process termination, and remote software downloads.
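Two of the behaviours described above are observable in ordinary endpoint telemetry: a single process terminating many rundll32.exe instances in a short window, and payload retrieval from the named cloud services. The script below is an added detection sketch written for this article, not code from Kaspersky ICS CERT or The Hacker News; the log format, the sample lines, and the hostname substrings it watches ("youdao", "myqcloud", derived only from the service names mentioned here) are constructed assumptions rather than indicators taken from the report.

```python
"""Detection sketch for two FatalRAT behaviours named in the article:
mass termination of rundll32.exe processes, and payload retrieval from the
named cloud services (Youdao Cloud Notes, myqcloud). The log format and the
sample lines are constructed for this example; they are not from the report."""
from collections import defaultdict
from datetime import datetime, timedelta

# Hostname substrings to watch. These are assumed indicators based only on
# the service names the article mentions, not real domains from the report.
WATCHED_HOST_SUBSTRINGS = ("youdao", "myqcloud")

# Constructed endpoint-telemetry lines: "<ISO time>|<event>|<actor>|<detail>"
SAMPLE_LOG = """\
2024-01-01T10:00:00|ProcessTerminate|loader.exe|rundll32.exe pid=1201
2024-01-01T10:00:01|ProcessTerminate|loader.exe|rundll32.exe pid=1340
2024-01-01T10:00:02|ProcessTerminate|loader.exe|rundll32.exe pid=1422
2024-01-01T10:00:05|NetConnect|loader.exe|note.youdao.com:443
2024-01-01T10:00:09|NetConnect|rundll32.exe|cdn.example.myqcloud.com:443
2024-01-01T10:15:00|ProcessTerminate|taskmgr.exe|rundll32.exe pid=1500
2024-01-01T10:20:00|NetConnect|chrome.exe|www.example.org:443
"""


def parse(log_text):
    """Parse the constructed pipe-delimited format into (time, event, actor, detail)."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, actor, detail = line.split("|", 3)
        events.append((datetime.fromisoformat(ts), event, actor, detail))
    return events


def detect_rundll32_kill_spree(events, threshold=3, window=timedelta(seconds=30)):
    """Return actors that terminated at least `threshold` rundll32.exe
    processes within any `window`-long interval (sliding-window count)."""
    kills = defaultdict(list)
    for ts, event, actor, detail in events:
        if event == "ProcessTerminate" and detail.startswith("rundll32.exe"):
            kills[actor].append(ts)
    flagged = []
    for actor, times in kills.items():
        times.sort()
        for i in range(len(times)):
            j = i
            # count kills from times[i] up to times[i] + window
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                flagged.append(actor)
                break
    return flagged


def detect_watched_hosts(events):
    """Return (actor, host) pairs for connections to the watched cloud services."""
    hits = []
    for _ts, event, actor, detail in events:
        if event != "NetConnect":
            continue
        host = detail.rsplit(":", 1)[0].lower()
        if any(s in host for s in WATCHED_HOST_SUBSTRINGS):
            hits.append((actor, host))
    return hits


def analyze(log_text):
    """Run both detections over a log and return the findings together."""
    events = parse(log_text)
    return {
        "kill_spree_actors": detect_rundll32_kill_spree(events),
        "watched_host_hits": detect_watched_hosts(events),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the constructed sample, the loader is flagged for the three rundll32.exe terminations within seconds, while the single termination by taskmgr.exe is not; the two connections to the watched services are reported separately so an analyst can correlate them with the process activity. A threshold-and-window rule is used rather than a single-event match because terminating one rundll32.exe is routine, whereas a burst of them from one process is the behaviour the report describes.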
"FatalRAT's functionality gives an attacker almost unlimited possibilities for developing an attack: spreading over a network, installing remote administration tools, manipulating devices, stealing, and deleting confidential information," said researchers.