Remote access Trojans that were born during the early development stages of the internet have grown into a major security issue with time.
A new malspam campaign has been spotted by researchers that are exploiting icon files to deceive victims into executing the NanoCore RAT. by exploiting the ZIPX file format, this ART attempts to evade detection from certain security solutions and email scanners.
What is New?
This new campaign seems to be an updated variation to an old one. To lure victims into executing the Trojan, the old technique was reliant on social engineering, leveraging a plausible hook. File formats and naming conventions are being used by the attackers in this new malspam campaign to keep the Trojan from getting detected. Nevertheless, both the campaigns require luring targets.
What Transpired in the past?
- Also known as the Nancrat, NanoCore RAT has been active since at least 2013.
- , the trojan has been connected to attacks in at least 10 countries, since its inception. This includes attacks against energy companies in Asia and the Middle East in 2015.
- Its author was sentenced in 2018, however, that didn’t stop other actors from deploying it.
- Last year, a malspam campaign that leveraged hosting sites to deploy this malware was also observed by researchers.
Some related incidents –
- The Clast82 dropper has been found disseminating ALientBot Banker and MRAT on infected Android devices.
- ObliqueRAT – a new campaign was also noticed using steganography to hide malicious codes and video content hosted on malicious sites.
The bottom line is that no one is completely immune to cyberattacks and RATs have gained a special place in the cybercrime landscape for the conniving actors who aim to steal users’ private data. Among the best ways to protect oneself includes following cybersecurity hygiene and staying cautious. It is time to strengthen cyber defenses with attackers getting more sophisticated with each passing day.
To read more, please check eScan Blog
