AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities.
Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a preferred tool of choice for cybercriminals. During Trend Micro investigation of AsyncRAT infections, we observed Python scripts playing a central role in the infection chain, automating various stages of the attack. The initial payload, a Windows Script Host (WSH) file, was designed to download and execute additional malicious scripts hosted on a WebDAV server.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Talking to RATs: Assessing Corporate Risk by Analyzing Remote Access Trojan Infections
March 14, 2019
Remote access trojans (RATs) on a corporate system may serve as a key pivot point to access information laterally within an enterprise network. By analyzing network metadata, Recorded Future analysts were able to identify RAT command-and-control (C2) servers, and more crucially, which corporate networks were communicating to those controllers. This approach allows Recorded Future to ...
- Businesses warned over a new breed of BitLocker attacks
March 14, 2019
Devices protected using Microsoft BitLocker can be physically breached in a new form of attack that involves extracting the encryption keys from a computer’s Trusted Platform Module (TPM) chip. By hardwiring equipment into a computer’s motherboard, namely the TPM chip, attackers would be primed to access any sensitive corporate information stored on encrypted hard drives. This ...
- The fourth horseman: CVE-2019-0797 vulnerability
March 13, 2019
The new zero-day in the Windows OS exploited in targeted attacks In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. ...
- Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits
March 12, 2019
A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours. BleepingComputer was first notified about the Yatron RaaS by a security ...
- From Fileless Techniques to Using Steganography: Examining Powload’s Evolution
March 12, 2019
Powload’s staying power in the threat landscape shows how far it has come. In fact, the uptick of macro malware in the first half of 2018 was due to Powload, which was distributed via spam emails. Powload was also one of the most pervasive threats in the North American region in 2018, using various techniques to deliver payloads such ...
- Island hopping: The latest security threat you should be aware of
March 12, 2019
While island hopping sounds like a great way to spend a holiday in Thailand or Greece, the term also refers to an advanced cyber attack technique. Though it’s not a new phenomenon, this type of attack increased in prevalence in 2018 and will likely become more and more common. The name ‘island hopping’ comes from a WWII ...