RAT Hosted on PasteBin Leads to BSOD
#1
more here!
Reply
#2
I have read the news just now, thanks a lot
Reply
#3
dino, can you post more details or a link

The link doesn't open for me
Reply
#4
(11-01-2016 , 12:45 AM)tarekma7 Wrote: dino, can you post more details or a link

The link doesn't open for me


You can read here:

Because malware authors never sleep, it is always entertaining to see what are the most recent tactics they're coming up with to distribute their payloads.
Security researchers from Malwarebytes have stumbled on a malware campaign that uses some pretty out-of-the-ordinary tactics.

The Malwarebytes team says they've discovered a tainted file called VMWare.exe, which appears to be a pirated or cracked version of the well-known VMWare virtualization software.

Suspicious file fetches PasteBin script that installs njRAT
Pieter Arntz, Malwarebytes malware researcher, says during the installation of this suspicious application, the installer would connect to PasteBin, a text sharing portal, access a page, and download a paste.

He says this paste contained a Visual Basic script, which the installer would run on the victim's PC. The script would also connect to an online server, download and execute another EXE file called Tempwinlogon.exe.

Arntz says this file would install the Bladabindi remote access trojan (RAT), also known as Derusbi or njRAT.

Operating from a file called Tr.exe, this RAT would be used to log the user's keystrokes using a keylogger component.

Malware crashes PC if they try to terminate its process
Arntz says that if users notice the suspicious process running on their PCs and attempt to terminate its process via Task Manager, the computer would instantly crash, showing a BSOD.

This behavior is similar to a JavaScript-based malware discovered by Kahu Security. Whenever users would attempt to terminate the process of that malware, it would shut down the user's PC, and restart itself thanks to a boot persistence mechanism it installed in a previous phase.

"Do consider changing your passwords though, if you have been infected with this RAT, since the passwords might have been compromised by this threat," Arntz warns users.
Reply
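An added detection example, not part of the thread or of Malwarebytes' write-up: it correlates process and network telemetry for the chain described in post #4 (a non-browser program fetches a paste, a script is run, the script launches an EXE). The event schema, the browser list, the 300-second window and the use of wscript.exe/cscript.exe to run the Visual Basic script are assumptions; the file names VMWare.exe, Tempwinlogon.exe and Tr.exe come from the post.

```python
from datetime import datetime, timedelta

PASTE_HOSTS = {"pastebin.com"}
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: VBScript run via Windows Script Host
PAGE_NAMES = {"tempwinlogon.exe", "tr.exe"}    # file names reported in the post

# Constructed sample telemetry (hypothetical schema, not real logs).
EVENTS = [
    {"ts": "2016-11-01T10:00:00", "host": "pc1", "kind": "net", "image": "chrome.exe", "dest": "pastebin.com"},
    {"ts": "2016-11-01T10:05:00", "host": "pc2", "kind": "net", "image": "VMWare.exe", "dest": "pastebin.com"},
    {"ts": "2016-11-01T10:05:04", "host": "pc2", "kind": "proc", "image": "wscript.exe", "parent": "VMWare.exe"},
    {"ts": "2016-11-01T10:05:20", "host": "pc2", "kind": "proc", "image": "Tempwinlogon.exe", "parent": "wscript.exe"},
    {"ts": "2016-11-01T10:06:00", "host": "pc2", "kind": "proc", "image": "Tr.exe", "parent": "Tempwinlogon.exe"},
    {"ts": "2016-11-01T11:00:00", "host": "pc3", "kind": "proc", "image": "wscript.exe", "parent": "explorer.exe"},
]

def find_paste_stager_chains(events, window_s=300):
    """Return one finding per paste fetch where a non-browser process contacts a
    paste site, then spawns a script host, which then launches an executable."""
    findings = []
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort as strings
    for i, net in enumerate(events):
        if net["kind"] != "net" or net["dest"] not in PASTE_HOSTS:
            continue
        if net["image"].lower() in BROWSERS:
            continue  # people read pastes in browsers; that alone is not a signal
        deadline = datetime.fromisoformat(net["ts"]) + timedelta(seconds=window_s)
        later = [e for e in events[i + 1:]
                 if e["host"] == net["host"] and e["kind"] == "proc"
                 and datetime.fromisoformat(e["ts"]) <= deadline]
        # Step 2: the same program that fetched the paste starts a script host.
        script = next((e for e in later if e["image"].lower() in SCRIPT_HOSTS
                       and e["parent"] == net["image"]), None)
        if script is None:
            continue
        # Step 3: the script host launches one or more executables.
        payloads = [e["image"] for e in later
                    if e["ts"] > script["ts"] and e["parent"].lower() in SCRIPT_HOSTS]
        if payloads:
            findings.append({"host": net["host"], "stager": net["image"], "payloads": payloads,
                             "matches_article": any(p.lower() in PAGE_NAMES for p in payloads)})
    return findings

if __name__ == "__main__":
    for finding in find_paste_stager_chains(EVENTS):
        print(finding)
```

The rule keys on the behaviour rather than the file names, so a renamed installer or payload still produces a finding; `matches_article` only marks hits that also carry a name from the post.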

