Best News Network

This stealthy malware delivers a ‘silent threat’ that wants to steal your passwords | ZDNet

Cyber criminals are using a new JavaScript downloader to distribute eight different kinds of remote access Trojan (RAT) malware and information-stealing malware in order to gain backdoor control of infected Windows systems, as well as steal usernames, passwords and other sensitive data. 

The downloader has been detailed by cybersecurity researchers at HP Wolf Security, who’ve called it RATDispenser.  

The initial entry point for attacks is a phishing email that claims to contain a text file about a product order. Clicking the malicious file will run the process for installing RATDispenser malware. In order to avoid detection, the initial JavaScript download is obfuscated with the aid of long strings of code to help hide the malicious intent.

SEE: A winning strategy for cybersecurity (ZDNet special report)

Once installed, RATDispenser is used to distribute a range of different malware, including trojans, keyloggers and information stealers, all designed to steal sensitive data from the user. 

The most frequently distributed malware downloads are STRRAT and WSHRAT, which account for four in five of the analysed samples. But other forms of malware RATDispenser have been distributed, including invasive information stealers such as Adwind, Formbook, Remcos, Panda Stealer, GuLoader and Ratty.

Some of these trojans, like Panda Stealer, are relatively new, having only been discovered this year, while others, such as WSHRAT, have been active for many years. 

At the time the research was published, RATDispender was only detected by one in 10 available anti-virus engines. 

“It’s particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in most cases,” said Patrick Schlapfer, malware analyst at HP.  

“RATs and keyloggers pose a silent threat, helping attackers to gain backdoor access to infected computers and steal credentials from business accounts or even cryptocurrency wallets. From here, cyber criminals can siphon off sensitive data, escalate their access, and in some cases sell this access on to ransomware groups,” he added.  

In order to protect users from attacks by RATDispenser and the malware it drops, researchers recommend that network administrators audit which email attachment file types are allowed by their email gateway and blocking execuatables that aren’t needed – such as JavaScript or VBScript.

MORE ON CYBERSECURITY

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.