The year 2021 has just set in and it’s pouring trojans! It is no surprise that cybercriminals reaped fortunes in 2020, seeking different ways to propagate malware threats, especially trojans, during the global pandemic. The number of such attacks looked grim in the past year, and it is not expected to be any lower this year.
With the start of this year, the cyber threat landscape encountered multiple instances of cyberattacks from trojans, both old and new.
- Researchers from Morphisec Labs have tracked a new version of JSSLoader RAT that breached a customer’s network in December 2020. The capabilities of the .NET-based trojan include gaining persistence on systems, deploying malware, and stealing data, among others.
- A newly discovered ElectroRAT trojan has been found targeting cryptocurrency users since the start of 2021. The trojan was successful in emptying cryptocurrency wallets of thousands of Windows, Linux, and macOS users.
- The North Korea-based APT37 threat actor group is held responsible for a fresh wave of attacks distributing the RokRat trojan against the South Korean government.
- A new Quaverse trojan campaign attempted to lure people into downloading a malicious attachment from phishing emails that pretended to contain a scandalous video of the U.S. president.
- A freshly discovered Rogue RAT is being offered for sale or rent in darknet forums. Created by the Triangulum threat actor group, the trojan appears to use source code from two other Android RATs, called Cosmos and Hawkshaw.
- A new version of the Ursnif trojan, capable of a wide variety of behaviors, has been spotted in the wild targeting Italian users.
Observations from the last year
With the start of the COVID-19 pandemic, malware authors began coming up with all sorts of tactics to abuse the fear and curiosity of online users to deploy their malicious code. One common tactic was disguising malware as a widely used application and asking for unnecessary permissions to a user’s data. An example is a variant of the Cerberus banking trojan that leveraged the malicious ‘Corona-Apps.apk’ to trick users into installing it on their smartphones.
What can we infer from this?
On the whole, it can be said that malware authors are adapting quickly. They are exploiting unpatched software or devices and continuously pushing new malware campaigns. Additionally, because many trojans are now offered for sale or rent on dark web forums, such attack campaigns can grow at a rapid pace.