Microsoft has issued an alert over a remote access tool (RAT) dubbed RevengeRAT that it says has been used to target aerospace and travel sectors with spear-phishing emails.
RevengeRAT, also known as AsyncRAT, is being distributed via carefully crafted email messages that prompt employees to open a file masquerading as an Adobe PDF file attachment that in fact downloads a malicious visual basic (VB) file.
According to Microsoft, the phishing emails distribute a loader that then delivers RevengeRAT or AsyncRAT. Morphisec says it also delivers the RAT Agent Tesla.
“The campaign uses emails that spoof legitimate organizations, with lures relevant to aviation, travel, or cargo. An image posing as a PDF file contains an embedded link (typically abusing legitimate web services) that downloads a malicious VBScript, which drops the RAT payloads,” Microsoft said.
MORE
h/t DeploraVision
- AZ overturns election judgement to verify signatures
- Fifty More US Banks on the Verge of Failing
- A Full Blown US Conflict With Iran at Israel’s Insistence Is Approaching
- I am surprised a Japanese magazine would allow this to run, but it is correct…
- Inter-Bank Lending Has Stopped And We’re On The Verge Of A Crash
- “The Banks Are Melting”, And Signs Of A Major Credit Contraction Are Already Starting To Emerge
- ‘Largest Satanic Gathering in History’ Will Require Masks and Vaccinations
- New York Times: “Stolen Valor: The U.S. Volunteers in Ukraine Who Lie, Waste and Bicker. James Vasquez, in fact, was never deployed to Kuwait…”
- Bibi Netanyahu Squashes Embarrassing Anti-Christian Bill
- The market is being held up by 7 companies
Views: 0