Remember the late 1990s when the internet was still young and some kids would remotely control their friends’ PCs? It was then that remote access trojans took birth. Now, it has become a major security concern.
What’s going on?
Trustwave researchers have spotted a new malspam campaign that is exploiting icon files to deceive victims into executing the NanoCore RAT. This RAT is evading detection by anti-malware and email scanners by exploiting the ZIPX file format.
The seemingly new campaign is a variation of an old one. The old technique was reliant on social engineering, leveraging a plausible hook to lure victims into executing the trojan. In this malspam campaign, attackers are using file formats and naming conventions to keep the trojan from getting detected. Nevertheless, both the campaigns require luring targets.
Diving into history
- NanoCore RAT is also known as Nancrat and has been active since at least 2013.
- Since its inception, the trojan has been connected to attacks in at least 10 countries, including the attacks against energy companies in Asia and the Middle East in 2015.
- The author of NanoCore was sentenced in 2018, however, that didn’t stop other actors from deploying it. Last year, a malspam campaign was spotted that leveraged hosting sites to deploy this malware.
Here are some more incidents related to various RATS.
- The Class82 dropper has been found disseminating ALientBot Banker and MRAT on infected Android devices.
- A new campaign—ObliqueRAT—was discovered using steganography to hide malicious codes and video content hosted on malicious sites.
The bottom line
Nobody is completely non-susceptible to cyberattacks and RATs have gained a special place in the cybercrime landscape for the conniving actors who aim to steal users' private data. The best ways to protect yourself include following cybersecurity hygiene and staying cautious. As attackers are getting more sophisticated with each passing day, it is time to strengthen your defenses.