AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities.
Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a preferred tool of choice for cybercriminals. During Trend Micro investigation of AsyncRAT infections, we observed Python scripts playing a central role in the infection chain, automating various stages of the attack. The initial payload, a Windows Script Host (WSH) file, was designed to download and execute additional malicious scripts hosted on a WebDAV server.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- L0rdix becomes the new Swiss Army knife of Windows hacking
November 21, 2018
A new hacking tool making the rounds in underground forums has been deemed the latest “go-to” universal offering for attackers targeting Microsoft Windows PCs. The software is called L0rdix and according to cybersecurity researchers from enSilo is “aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, can avoid malware analysis tools.” In a blog ...
- Russia’s Elite Hackers May Have New Phishing Tricks
November 20, 2018
A major question hanging over the United States midterm election season: Where was Russia? But while GRU hackersdidn’t directly interfere, they appear to be as active as ever. New research from two threat intelligence firms indicates that two prominent Russia-linked groups have been developing some clever phishing innovations, and are working purposefully to expand their reach. “There’s a lot of ramping ...
- True Identity of Notorious Hacker tessa88 Revealed
November 20, 2018
In early 2016, a previously unknown hacker operating under the alias of tessa88 publicly emerged after offering an extensive list of compromised, high-profile databases for sale. The hacker offered for sale the databases of companies such as VKontakte, Mobango, Myspace, Badoo, QIP, Dropbox, Rambler, LinkedIn, and Twitter, among others. Within several months of incredibly active ...
- Almost 50 Percent of 2018 Vulnerabilities Can Be Exploited Remotely
November 20, 2018
Approximately half of all vulnerabilities disclosed during 2018 come with a remote attack vector while only 13% of them require local access according to Risk Based Security’s 2018 Q3 Vulnerability Quick View Report. As reported by Risk Based Security, 16,172 vulnerabilities were published by their VulnDB team until the end of Q3 2018, with a 7% decrease when ...
- A little phishing knowledge may be a dangerous thing
November 19, 2018
Phishing works more frequently on those who understand what social engineering is than on those who live in blissful ignorance, or so a studyof students at University of Maryland, Baltimore County suggests. Citing IBM data suggesting human error is a factor in 95 per cent of security incidents, researchers from the school’s department of computer science and electrical engineering ...
- Hacking group returns, switches attacks from ransomware to trojan malware
November 16, 2018
A prolific hacking group has returned with a new campaign which looks to deliver a new remote access trojan (RAT) to victims in order to create a backdoor into PCs to steal credentials and banking information. The campaign is suspected to be the work of TA505, a well-resourced hacking group which has been active since at least 2014. ...