Phishing attacks with the ScrubCrypt crypter and BatCloak malware obfuscation engine have been launched by threat actors to facilitate multi-stage malware infections, reports The Hacker News.
Intrusions begin with invoice-themed phishing emails carrying Scalable Vector Graphics (SVG) attachments. When clicked, the SVG triggers the delivery of a ZIP archive containing a BatCloak-based batch script and ScrubCrypt, which are used to evade security defenses before the Venom RAT malware is executed, according to a report from Fortinet FortiGuard Labs.
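The chain above starts with an SVG attachment, which is an XML document and can be inspected before it ever reaches a user. The following is an added example, not code from the Fortinet report or from The Hacker News: a small attachment-triage check of the kind a mail gateway could run on `.svg` files. The article does not say how the SVG triggered the archive, so the indicators flagged here (script elements, event-handler attributes, `javascript:` and `data:` URIs, and links to archive files) are assumptions drawn from commonly documented SVG delivery techniques, and the sample documents are constructed for the example.

```python
"""Triage SVG e-mail attachments for script or download behaviour.

Added example (not the report's code). The indicator list is an assumption:
the article does not describe the exact mechanism inside the SVG.
"""
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"
# Elements that can carry executable or embedded foreign content.
ACTIVE_TAGS = {"script", "foreignObject"}
# Link targets that look like archive downloads (ZIP in the campaign above).
ARCHIVE_RE = re.compile(r"\.(zip|rar|7z|iso|img)(\?|#|$)", re.IGNORECASE)
# Findings that should stop delivery outright versus ones for analyst review.
BLOCKING = ("active-content", "event-handler", "javascript-uri", "archive-link")


def _local(name: str) -> str:
    """Strip an XML namespace prefix such as '{http://www.w3.org/2000/svg}'."""
    return name.rsplit("}", 1)[-1]


def inspect_svg(svg_bytes: bytes) -> list[str]:
    """Return a list of indicator strings found in the SVG (empty if clean).

    Note: for untrusted input in production, prefer a hardened parser such as
    defusedxml; the stdlib parser is used here to keep the example dependency-free.
    """
    findings: list[str] = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"malformed-xml: {exc}"]

    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active-content: <{tag}>")
        for attr, value in elem.attrib.items():
            lname = _local(attr).lower()
            # SVG event handlers (onload, onclick, ...) run script on open.
            if lname.startswith("on"):
                findings.append(f"event-handler: {tag}@{lname}")
                continue
            if lname != "href":  # covers both href and xlink:href
                continue
            target = value.strip()
            lowered = target.lower()
            if lowered.startswith("javascript:"):
                findings.append(f"javascript-uri: {tag}")
            elif lowered.startswith("data:"):
                findings.append(f"data-uri: {tag}")
            elif ARCHIVE_RE.search(target):
                findings.append(f"archive-link: {tag} -> {target}")
            elif tag == "a" and re.match(r"https?://", target, re.IGNORECASE):
                findings.append(f"external-link: {target}")
    return findings


def triage(svg_bytes: bytes) -> str:
    """Map findings to a gateway verdict: 'block', 'review' or 'allow'."""
    findings = inspect_svg(svg_bytes)
    if any(f.startswith(BLOCKING) for f in findings):
        return "block"
    return "review" if findings else "allow"


# Constructed sample attachments (not real campaign artefacts).
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">'
    b'<circle cx="50" cy="50" r="40" fill="blue"/></svg>'
)
SUSPECT_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="start()">
  <text x="10" y="20">Invoice #4821</text>
  <a xlink:href="https://example.invalid/invoice.zip"><rect width="200" height="50"/></a>
  <script>/* constructed sample: script body intentionally inert */</script>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, triage(doc), inspect_svg(doc))
```

The verdict split keeps plain hyperlinks as review-only, since legitimate SVGs can link out, while anything that executes on open or points straight at an archive is blocked; tune `ARCHIVE_RE` and `ACTIVE_TAGS` to the file types your environment actually expects to see inline in mail.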
Researchers noted that Venom RAT connects to a command-and-control server, which then delivers additional plugins, including a version of the remote access trojan with keylogging capabilities, as well as the Remcos RAT, NanoCore RAT, and XWorm payloads.
"This analysis reveals a sophisticated attack leveraging multiple layers of obfuscation and evasion techniques to distribute and execute VenomRAT via ScrubCrypt… Furthermore, deploying plugins through different payloads highlights the versatility and adaptability of the attack campaign," said researcher Cara Lin.