
US, India subjected to phishing attacks with RATs


U.S.- and India-based organizations have been targeted by the new MULTI#STORM phishing campaign, a multi-stage attack chain that concludes with the deployment of Warzone RAT (also known as Ave Maria), Quasar RAT, and various other remote access trojan backdoors, The Hacker News reports.

According to a Securonix report, the phishing emails include a link that redirects to a password-protected ZIP file on OneDrive, which, when extracted, yields an obfuscated JavaScript file. Double-clicking the file triggers two PowerShell commands that retrieve and execute payloads, eventually delivering Warzone RAT, which can then retrieve Quasar RAT and other payloads.

"It's important to remain extra vigilant when it comes to phishing emails, especially when a sense of urgency is stressed. This particular lure was generally unremarkable as it would require the user to execute a JavaScript file directly. Shortcut files, or files using double extensions would likely have a higher success rate," said researchers.
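A defender-side illustration of the chain described above, added here and not taken from Securonix or the article: it flags a Windows script host running a .js file that then launches PowerShell, and counts the PowerShell children per script-host process. Field names follow Sysmon process-creation events; the sample events, host name, paths and GUIDs are constructed, and the user-directory list is an assumption.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumption: locations where a user-opened attachment or archive member usually lands.
USER_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")
JS_ARG = re.compile(r'"([^"]+\.jse?)"|(\S+\.jse?)(?=\s|$)', re.IGNORECASE)

def js_script(cmdline):
    """Return the .js/.jse path passed to a script host, or None."""
    m = JS_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None

def detect(events):
    """Group PowerShell children by the script-host process that launched them."""
    found = defaultdict(lambda: {"script": None, "powershell_children": 0})
    for e in events:
        if basename(e["ParentImage"]).lower() not in SCRIPT_HOSTS:
            continue
        if basename(e["Image"]).lower() not in POWERSHELL:
            continue
        script = js_script(e["ParentCommandLine"])
        if script is None:
            continue  # script host ran something other than JavaScript
        hit = found[(e["Computer"], e["ParentProcessGuid"])]
        hit["script"] = script
        hit["powershell_children"] += 1
    alerts = []
    for (host, guid), hit in found.items():
        in_user_dir = any(d in hit["script"].lower() for d in USER_DIRS)
        alerts.append({"host": host, "parent_guid": guid, **hit,
                       "severity": "high" if in_user_dir else "medium"})
    return alerts

def ev(image, parent, guid, parent_cmd):  # builds one constructed event
    return {"Computer": "WS-014", "Image": image, "ParentImage": parent,
            "ParentProcessGuid": guid, "ParentCommandLine": parent_cmd}

WS = r"C:\Windows\System32\wscript.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
JS = r"C:\Users\dana\AppData\Local\Temp\Temp1_docs.zip\REQUEST.js"  # constructed
SAMPLE_EVENTS = [
    ev(PS, WS, "{constructed-0001}", f'"{WS}" "{JS}"'),
    ev(PS, WS, "{constructed-0001}", f'"{WS}" "{JS}"'),
    ev(PS, r"C:\Windows\explorer.exe", "{constructed-0002}", r"C:\Windows\explorer.exe"),
    ev(PS, r"C:\Windows\System32\cscript.exe", "{constructed-0003}",
       r"cscript.exe //nologo C:\Admin\inventory.vbs"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```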
