AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities.
Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a preferred tool of choice for cybercriminals. During Trend Micro investigation of AsyncRAT infections, we observed Python scripts playing a central role in the infection chain, automating various stages of the attack. The initial payload, a Windows Script Host (WSH) file, was designed to download and execute additional malicious scripts hosted on a WebDAV server.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New tool automates phishing attacks that bypass 2FA
January 9, 2019
A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). Named Modlishka –the English pronunciation of the Polish word for mantis– this new tool was created ...
- Ransomware MongoLock Immediately Deletes Files, Formats Backup Drives
January 8, 2019
We have been following a new wave of MongoLock ransomware attacks that immediately deletes files upon infection instead of encrypting it, and further scans for other available folders and drives for file deletion. In the wild since December 2018, the ransomware demands a payment of 0.1 bitcoin from victims within 24 hours to retrieve the ...
- Your Word is Your Bond: Trust and Ethics in Underground Forums
January 7, 2019
Although the general public thinks of underground forums as a place where scams and suspicious dealings are rampant, the opposite is usually true: the threat actors who inhabit these sites often consider their reputation a major asset. Many of the individuals and groups in underground forums go to great lengths to ensure that transactions go through ...
- Spyware Disguises as Android Applications on Google Play
January 3, 2019
Trend Micro discovered a spyware (detected as ANDROIDOS_MOBSTSPY) which disguised itself as legitimate Android applications to gather information from users. The applications were available for download on Google Play in 2018, with some recorded to have already been downloaded over 100,000 times by users from all over the world. One of the applications we initially investigated ...
- A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access
January 3, 2019
A passel of privilege-escalation vulnerabilities in MacPaw’s CleanMyMac X software would allow a local attacker to gain root access to an Apple machine in various ways. CleanMyMac X is a cleanup application for MacOS that optimizes the drives and frees up space by scanning for unused, redundant or unnecessary files and deleting them. No fewer than ...
- Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader
January 3, 2019
Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company’s Acrobat and Reader for both the Windows and macOS operating systems. Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in ...