Malware, Phishing, Threat Intelligence

Novel PowerRAT, DCRat deployed via Gophish toolkit


Open-source phishing toolkit Gophish has been exploited to distribute the DarkCrystal RAT, or DCRat, and newly emergent PowerRAT trojans as part of a phishing campaign against Russian-speaking users, The Hacker News reports.

Malicious emails with phishing links have been leveraged to launch either remote access trojan. While DCRat has been deployed through a remote HTML file, PowerRAT has been spread through a malicious Microsoft Word file that executes a rogue Visual Basic macro, according to a Cisco Talos study. "[PowerRAT] has the functionality of executing other PowerShell scripts or commands as directed by the [command-and-control] server, enabling the attack vector for further infections on the victim machine," said Cisco Talos researchers. Such findings follow a Netskope Threat Labs report detailing the distribution of DCRat through HTML pages impersonating TrueConf and VK Messenger, as well as a Cofense report describing Remcos RAT or XWorm payload delivery through malicious content concealed in virtual hard disk files.
