Microsoft has issued a warning over RevengeRAT, a remote access tool (RAT) that has been used to target aerospace and travel industries with spear-phishing campaigns.
The phishing emails prompt employees to open a file disguised as an Adobe PDF attachment that downloads a malicious visual basic file.
Microsoft said the emails distribute a loader that delivers RevengeRAT, also known as AsyncRAT, while security firm Morphisec warned it also delivers the RAT Agent Tesla.
The installed RATs link to a command and control server and download more malware from paste sites such as pastebin.com.
The tools are used to steal credentials, video, and images from a webcam, and anything copied to the system clipboard for pasting elsewhere.
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA