AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities.
Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a preferred tool of choice for cybercriminals. During Trend Micro investigation of AsyncRAT infections, we observed Python scripts playing a central role in the infection chain, automating various stages of the attack. The initial payload, a Windows Script Host (WSH) file, was designed to download and execute additional malicious scripts hosted on a WebDAV server.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ancient ICEFOG APT malware spotted again in new wave of attacks
June 7, 2019
Malware developed by Chinese state-sponsored hackers that was once thought to have disappeared has been recently spotted in new attacks, in an updated and more dangerous form. Spotted by FireEye senior researcher Chi-en (Ashley) Shen, the malware is named ICEFOG (also known as Fucobha). It was initially used by a Chinese APT (advanced persistent threat, a technical ...
- Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
June 7, 2019
An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed ...
- New RCE vulnerability impacts nearly half of the internet’s email servers
June 7, 2019
A critical remote command execution (RCE) security flaw impacts over half of the Internet’s email servers, security researchers from Qualys have revealed today. The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients. According to a June 2019 survey of all mail servers ...
- A botnet is brute-forcing over 1.5 million RDP servers all over the world
June 6, 2019
Security researchers have discovered a new botnet that has been attacking Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. Discovered by Renato Marinho of Morphus Labs, the researcher says the botnet has been seen attacking 1,596,571 RDP endpoints, a number that will most likely rise in the coming days. Named GoldBrute, the ...
- BlueKeep ‘Mega-Worm’ Looms as Fresh PoC Shows Full System Takeover
June 5, 2019
A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds. A researcher has created a proof-of-concept Metasploit module for the critical BlueKeep vulnerability, which successfully demonstrates how to achieve complete takeover of a target Windows machine. Reverse engineer Zǝɹosum0x0 tweeted about his ...
- Platinum is back
June 5, 2019
In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities. The campaign, which may have started as far back as 2012, featured a multi-stage approach and was dubbed EasternRoppels. The actor behind this campaign, believed to be related to the notorious ...