New Attack Uses Fake Icon To Deliver Trojan
Quote: Email sample containing a .zipx attachment. Source: Trustwave
 
A new malspam campaign is delivering the NanoCore remote access Trojan as a malicious Adobe icon to infect its victims, a new report by security firm Trustwave finds.
 
The campaign begins with the attackers sending an email with an attachment called "NEW PURCHASE ORDER.pdf*.zipx." The attachment is an Adobe image file in RAR format, which, when unzipped using WinRAR or 7Zip, downloads the NanoCore Trojan onto the victims' device.
"The motive behind the campaign is to hide the malicious executable from anti-malware and email scanners by abusing the file format of the ".zipx" attachment, which in this case is an Icon file with added surprises," the report notes.
NanoCore Capabilities
NanoCore RAT, also known as Nancrat, has been active since 2013. The malware is designed to steal information from PCs such as passwords and emails. It is also capable of accessing, modifying and obtaining copies of any files on the PC and activating webcams to spy on victims, as well as logging keystrokes.
 
Since the malware has been active, NanoCore RAT has been tied to attacks in at least 10 countries, including 2015 attacks against energy firms in the Middle East and Asia.
 
In 2018, Taylor Huddleston, an Arkansas developer, was sentenced to serve more than two years in prison for developing and selling malware and malware distribution tools. He pleaded guilty to charges of aiding and abetting computer intrusions for developing, marketing and distributing NanoCore RAT as well as another strain (see: 'NanoCore RAT' Developer Gets 33-Month Prison Sentence).
 
Although the malware author has been sentenced, NanoCore has been actively deployed by other threat actors. For example, in April 2020, security firm Cisco Talos uncovered a malspam campaign that deployed NanoCore using hosting sites such as Pastebin to host their infection components.
Similar Campaigns
Other hacking campaigns have also used similar tactics to deploy malware.
 
For instance, in May 2020, researchers at security firm Malwarebytes uncovered a campaign that hid malicious JavaScript skimmers in the "favicon" icons of several ecommerce websites to steal payment card data from customers (see: JavaScript Skimmers Found Hidden in 'Favicon' Icons).
 
Another campaign reported by Trustwave found that attackers were hiding the payload as a PNG image.


Source
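A defender-side check for the mismatch the report describes, as an added example that is not from Trustwave or the original post: it flags an attachment whose extension promises an archive but whose leading bytes are an icon header, and reports archive signatures found deeper in the file. The byte layout (icon header followed by RAR data), the function names and the sample buffers are assumptions constructed for illustration.

```python
import os

# Leading magic bytes for the formats relevant here.
MAGIC = {
    "zip": (b"PK\x03\x04",),
    "rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),  # RAR4, RAR5
    "ico": (b"\x00\x00\x01\x00",),
}
# Container format that each file extension promises.
EXT_FORMAT = {".zip": "zip", ".zipx": "zip", ".rar": "rar", ".ico": "ico"}
ARCHIVES = ("zip", "rar")


def leading_format(data):
    """Format implied by the first bytes, or None if unrecognised."""
    for fmt, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return fmt
    return None


def embedded_archives(data):
    """(format, offset) for archive signatures found after offset 0."""
    hits = []
    for fmt in ARCHIVES:
        for sig in MAGIC[fmt]:
            pos = data.find(sig, 1)
            if pos != -1:
                hits.append((fmt, pos))
    return sorted(hits, key=lambda h: h[1])


def inspect_attachment(filename, data):
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings = []
    ext = os.path.splitext(filename.lower())[1]
    expected, actual = EXT_FORMAT.get(ext), leading_format(data)
    if expected and actual != expected:
        findings.append(f"extension {ext} implies {expected}, header is {actual or 'unknown'}")
    # Real archives contain many inner signatures, so only scan non-archive files.
    if actual not in ARCHIVES:
        for fmt, pos in embedded_archives(data):
            findings.append(f"{fmt} signature at offset {pos} inside non-archive file")
    return findings


# Constructed samples (placeholder bytes, no real archive or malware content).
ICON_WITH_RAR = b"\x00\x00\x01\x00\x01\x00" + b"\x00" * 16 + b"Rar!\x1a\x07\x00" + b"\x00" * 8
PLAIN_ZIP = b"PK\x03\x04" + b"\x00" * 26
```

A mail gateway or triage script would call `inspect_attachment` on each attachment's name and raw bytes and quarantine or escalate anything that returns findings.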